Staff Security Engineer, AI Vulnerability Research

Staff Security Engineer, AI Vulnerability Research

Apply

• Bachelor's degree or equivalent practical experience.
• 8 years of experience in security engineering.
• Experience in operational security risk assessments or vulnerability assessment.

Preferred qualifications:

• Experience supporting security attack prevention, compliance audits, and programs.
• Experience in one or more programming languages suitable for security research and prototyping (e.g., Python).
• Experience with security monitoring and analysis tools.
• Interest and experience in mentoring junior team members.
• Experience in offensive security and vulnerability research.

About the job

Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. You will also collaborate with software engineers to proactively identify and fix security flaws and vulnerabilities.

Responsibilities

• Identify security vulnerabilities in Google's core AI and ML infrastructure through technical analysis, code review, design review, and fuzzing.
• Conduct vulnerability research into specific components and threat areas, such as model exfiltration vectors, tampering techniques, insecure input management, or infrastructure abuse potential.
• Develop proof of concept exploits and tools to demonstrate impact and exploitability of discovered vulnerabilities. Lead and participate in offensive security exercises (e.g., Orange Team, pen tests) against critical AI systems and infrastructure.
• Analyze complex system architectures and threat models related to AI development and deployment to identify systemic weaknesses and security gaps. Collaborate with AISS hardening engineers and ML infrastructure teams to design and validate effective mitigations.
• Document research findings, vulnerability details, exploitation techniques, and mitigation recommendations for technical audiences.

Google is proud to be an equal opportunity and affirmative action employer. We are committed to creating a diverse workforce and an inclusive culture, providing equal employment opportunities regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related conditions, or any other protected basis. See Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.

Google is a global company, and English proficiency is required for all roles unless stated otherwise.

To recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization. We are not responsible for fees related to unsolicited resumes.