Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 8 years of experience with security assessments or security design reviews or threat modeling.
- 8 years of experience with security engineering, computer and network security and security protocols.
- 8 years of coding experience in one or more general purpose languages.
- 3 years of experience leading teams in a technical capacity or leading technical risk analysis in an enterprise environment.
- 3 years of experience in incident management.
- Industry-recognized security certifications such as OSCP, SANS GIAC certifications (e.g., GSEC, GPEN, GWAPT).
- Experience with information security incident and threat assessments (incident response, penetration testing, vulnerability assessments).
- Understanding full software stack from devices (embedded, mobile, web) to frontend serving stack, backend, video streaming systems, global networking, crypto, protocols.
Want more jobs like this?
Get jobs in South San Francisco, CA delivered to your inbox every week.
About the job
At YouTube, we believe that everyone deserves to have a voice, and that the world is a better place when we listen, share, and build community through our stories. We work together to give everyone the power to share their story, explore what they love, and connect with one another in the process. Working at the intersection of cutting-edge technology and boundless creativity, we move at the speed of culture with a shared goal to show people the world. We explore new ideas, solve real problems, and have fun - and we do it all together.
The US base salary range for this full-time position is $189,000-$284,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google .
Responsibilities
- Lead the security strategy for YouTube and consult on security incidents across YouTube products.
- Review and develop secure operational practices, provide security guidance to engineers and support staff, and respond to vulnerabilities with appropriate repositories, mitigations, and hardening.
- Engage with penetration testing teams and employ techniques like reverse engineering, fuzzing, and static analysis to identify vulnerabilities.
- Review designs for security gaps, both with one-time and longer term engagements, and surface vulnerability patterns and design them out.
- Explore foundational / LLM models for identifying security gaps in product areas.