Security Engineer, Abuse Vulnerability Rewards Program

Google's Security team works to create and maintain the safest operating environment for Google's users and developers. As a Security Engineer in the Vulnerability Rewards Program (VRP) team, you will be responsible for assessing VRP reports, interacting with researchers and product teams, deciding on rewards for reporters, and managing coordinated disclosure of vulnerabilities.

The role involves managing day-to-day operations of the Abuse VRP, including triaging incoming reports, ensuring timely assessments, and driving resolutions in collaboration with product teams. You will foster communication between researchers and product teams, facilitate seamless collaboration, and ensure timely vulnerability remediation.

Key responsibilities include evaluating reported vulnerabilities, considering their severity, impact, and exploitability to determine appropriate rewards. You will engage with the VRP community and contribute to cross-team initiatives to enhance the bug bounty experience for all reporters. Additionally, you will work on improving Abuse VRP operations and tooling by refining processes and developing new features to streamline workflows and enhance efficiency.

The ideal candidate should have experience with security assessments, security design reviews, or threat modeling. Knowledge of security engineering, computer and network security, and security protocols is essential. Coding experience, particularly in Python, is required. Experience with Generative AI or similar AI/ML systems, working with external parties, and bug bounties would be advantageous.

This role offers an opportunity to work at the forefront of cybersecurity, protecting Google's systems and users while collaborating with a diverse team of security professionals and researchers. Join Google's Security team and make a significant impact on the safety and security of one of the world's leading technology companies.