Careers
Careers

job details

Back to jobs search

Jobs search results

2,806 jobs matched
Back to jobs search

Information Security Software Engineer II, Supply Chain Security

GoogleKirkland, WA, USA

Minimum qualifications:

  • Bachelor’s degree or equivalent practical experience.
  • 1 year of experience building software for data privacy or security .
  • 1 year of experience with software development in one or more programming languages (e.g., Python, C, C++, Java).

Preferred qualifications:

  • 1 year of experience with data structures or algorithms.
  • Experience with software supply-chain security metrics and risk mitigation.
  • Experience with large-scale vulnerability life-cycle management.
  • Experience building scalable software systems.

About the job

Google's software engineers develop the next-generation technologies that change how billions of users connect, explore, and interact with information and one another. Our products need to handle information at massive scale, and extend well beyond web search. We're looking for engineers who bring fresh ideas from all areas, including information retrieval, distributed computing, large-scale system design, networking and data storage, security, artificial intelligence, natural language processing, UI design and mobile; the list goes on and is growing every day. As a software engineer, you will work on a specific project critical to Google’s needs with opportunities to switch teams and projects as you and our fast-paced business grow and evolve. We need our engineers to be versatile, display leadership qualities and be enthusiastic to take on new problems across the full-stack as we continue to push technology forward.

With your technical expertise you will manage project priorities, deadlines, and deliverables. You will design, develop, test, deploy, maintain, and enhance software solutions.

As an Information Security Engineer you will contribute to the company-wide program securing Google against software supply chain threats. In this role, you will have the opportunity for wide influence within Google and across the industry. You will solve open-ended problems. We go from initial security research to engineering away classes of problems and addressing their root cause. You will Identify the most critical security risks and the right approach to addressing them. You will build processes and tools that not only reduce risk, but also keep developers happy and productive. You will define the right metrics to measure our progress and the company's exposure.

The Core team builds the technical foundation behind Google’s flagship products. We are owners and advocates for the underlying design elements, developer platforms, product components, and infrastructure at Google. These are the essential building blocks for excellent, safe, and coherent experiences for our users and drive the pace of innovation for every developer. We look across Google’s products to build central solutions, break down technical barriers and strengthen existing systems. As the Core team, we have a mandate and a unique opportunity to impact important technical decisions across the company.

The US base salary range for this full-time position is $118,000-$170,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

  • Come up with and build solutions for supply chain problems, reducing Google’s security exposure from thousands of products using tens of thousands of third-party software packages.
  • Develop scalable processes to steer developers and products towards secure dependencies and away from discouraged libraries.
  • Build and evaluate signals and metrics to estimate the security posture of dependencies at scale.
  • Find and inventory third-party code across our monorepo and thousands of other repositories, to enable automated scanning for known vulnerabilities.
  • Fix problems at scale; we don’t just report risk, we build strong partnerships and automated tooling to fix security issues without churn for developers.

Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.

Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.

If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.

Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.

To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.

Google apps
Main menu