Security Engineer, Android Product Security
- linkCopy link
- emailEmail a friend
Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 2 years of experience with security assessments, penetration testing, or vulnerability research on the Android platform or Android applications.
- 2 years of experience with security engineering, computer and network security and security protocols.
- 2 years of coding experience in one or more general purpose languages.
Preferred qualifications:
- Experience designing and building LLM-based agentic workflows, frameworks, or automation tools specifically targeted at vulnerability research and remediation.
- Direct experience participating in, triaging, or receiving rewards from high-impact Vulnerability Reward Programs (VRPs).
- Familiarity with Artificial Intelligence (AI) and Large Language Model (LLM) concepts, with a demonstrated interest in applying them to security domains.
- Proven track record in Android platform security research, as demonstrated by public CVEs, published whitepapers, or presentations at reputable security conferences (e.g., Black Hat, DEF CON, etc.).
- Foundational understanding of the Android operating system architecture, security model, and common attack surfaces.
About the job
In this role, you will join the Android Product Security Engineering (APSE) a cross-functional team tasked with ensuring Android is the most secure and defended operating system in the world, protecting the entire ecosystem of three billion devices. You will achieve this by collaborating with internal partners across Android Security, Development, and Partner Engineering, as well as stakeholders outside of Android such as Chrome, and engage with a vast network of external partners, including SoC manufacturers and telecom carriers. You will secure this ecosystem by leading the industry-defining Android Vulnerability Reward Program (VRP) and pioneering AI-driven security engineering projects to drive advanced vulnerability research and mitigation at scale.As a Security Engineer, you will play a pivotal role in enhancing the Android ecosystem's security posture, focusing heavily on driving AI-powered security innovation alongside operational vulnerability response.
In this role, you will build AI/LLM-driven Security Engineering projects, rather than just streamlining existing pipelines, build and deploy cross-functional AI tooling designed to proactively scale in-depth Android vulnerability research and automate complex mitigation strategies, as these tools require deep domain expertise to build effectively, the engineer is expected to have a strong, foundational understanding of Android threat vectors and attack surfaces.
You will actively participate in the Android Vulnerability Reward Program (VRP) by participating in the triage rotations and engaging with the external researcher community. You will apply platform expertise to conduct comprehensive security research, respond to vulnerabilities in both pre-release and in-market Android products, and partner directly with feature teams to implement robust mitigation solutions.
Individual pay is determined by factors including job-related skills, experience, and relevant education or training.
US: $147000 - $211000 (USD) + 15% bonus target + bonus + equity + benefits
Learn more about benefits at Google.
Responsibilities
- Build cross-functional AI and Large Language Model (LLM) tooling to scale advanced vulnerability research, defensive engineering, and mitigation strategies across the organization.
- Participate in the Android and Device VRP program in analyzing and triaging incoming Vulnerabilities, working with cross-functional teams for vulnerability management and tool building, while proactively incorporating AI/LLMs into our VRP pipeline to improve efficiency.
- Conduct deep-dive security research into Android vulnerabilities and threat vectors, converting VRP reports into prioritized platform mitigation solutions and partner with Product/Feature teams to land them.
- Embed security by design through providing expert product security consultation and conducting comprehensive security design reviews for new Android features.
Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.
Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.
If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.
Equity is granted exclusively and discretionarily by Alphabet Inc. on the basis of an agreement concluded between you and Alphabet Inc. Alphabet Inc. is your sole contractual partner with respect to equity grants. GSU grants are not guaranteed, are discretionary, are subject to approval by the Alphabet Inc. board of directors or its delegate, the terms of the relevant Alphabet Inc. stock plan, and your grant agreement. They have no impact on statutory payments. Current or past grants do not confer an acquired right.