Security Engineer, Detection
Generate a McCoy IQ challenge in 30 seconds.
See how candidates think and approach the work this role demands, before the phone screen. We'll build a video challenge from this posting, and you can edit or share it before it goes live.
Key details
Job Description
Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.
The Detection team develops and maintains the signals, tools, and infrastructure that we use, constantly evolving them to match sophisticated attackers. As part of this team, you will be building advanced and novel detection mechanisms for attacker techniques, tactics and procedures, developing systems to automate remediation, conducting threat hunting, and performing network and systems forensics, as well as malware and indicator analysis.
As a Security Engineer in the Infrastructure Detection domain, you will be at the forefront of securing Alphabet's backend platforms and hardware. You will bridge the boundary between Google Cloud Platform (GCP) and production (network, data center). Our outlook is to establish a self-defending enterprise where no adversary can exploit or abuse our global infrastructure undetected. You will help us transition from manual, reactive security models to proactive, highly automated, and AI-driven defense systems capable of sublinear coverage growth. You will help protect network boundaries, harden systems against attacks, and actively build the intelligent automation required to defend highly sensitive data at an unprecedented scale.
Individual pay is determined by factors including job-related skills, experience, and relevant education or training.
US: $123000 - $175000 (USD) + 15% bonus target + equity + benefits
Learn more about benefits at Google .
Design, implement, and maintain high-fidelity detections across critical infrastructure focus areas, including compute (GKE), supply chain, IAM/API (LOAS, Cloud IAM), and network.
Partner with program teams to deploy agentic detection engineering workflows, shifting defenses from "Detect and Respond" to machine-speed "Infer and Interrupt."
Ground detection logic in factual threat data by leveraging proven exploit paths from Red teams, Orange teams, and the Vulnerability Reward Program (VRP).
Reduce manual triage toil and operational burden by optimizing feedback loops between prevention, detection, and response.
Participate in a 24/7 global operation that hunts for and responds to security events on Google's networks. Perform investigations on a wide variety of events from various sources to determine whether they pose a threat to Google.
Minimum qualifications:
Bachelor's degree or equivalent practical experience.
1 year of experience with security assessments or security design reviews or threat modeling.
1 year of coding experience in one or more general purpose languages.
Experience with security engineering, computer and network security and security protocols.
Preferred qualifications:
Experience in responding to security problems in target-rich environments, looking at security alerts, front-line analysis, and response.
Expertise with signals development, threat hunting, and threat modeling.
Expertise in the analysis of large data sets and intrusion detection systems.
Knowledge of modern AI/ML frameworks and tools, including experience in prompt engineering.
Bachelor's degree or equivalent practical experience.
1 year of experience with security assessments or security design reviews or threat modeling.
1 year of coding experience in one or more general purpose languages.
Experience with security engineering, computer and network security and security protocols.
Audit details(provenance, verification trail, raw fields)
Core fields
google:108836916245209798Provenance
googleVerification trail
This posting hasn't been probed by our closure verifier yet. Stream C runs on a rolling schedule against postings approaching the close-decision threshold.
See how we measure for definitions, or our corrections log for known issues. Found something wrong? Flag a correction.
