Security Engineer, AI Agent Security

Minimum qualifications:

• Bachelor's degree or equivalent practical experience.
• 2 years of experience with security assessments or security design reviews or threat modeling and common attack vectors, and mitigation principles.
• 2 years of experience with security engineering, computer and network security and security protocols.
• 2 years of coding experience in one or more general purpose languages.
• 2 years of experience in security research, vulnerability analysis, pen testing, or a similar role, including analyzing systems, identifying security weaknesses, and thinking like an attacker.

Preferred qualifications:

• Master's or PhD degree in Computer Science or a related technical field with a specialization in Security, AI/ML, or a related area.
• Experience in security research contributions (e.g., publications in relevant security/machine learning venues, common vulnerabilities and exposures conference talks, open-source tools).
• Experience in AI/ML security research, including areas like adversarial ML, prompt injection, model extraction, or privacy-preserving machine learning.
• Experience developing or evaluating security controls for large-scale systems.
• Experience in secure coding practices, vulnerability analysis, security architecture, and web security.
• Familiarity with the architecture and potential failure modes of LLMs and AI agent systems.

About the job

Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities. The Core team builds the technical foundation behind Google’s flagship products. We are owners and advocates for the underlying design elements, developer platforms, product components, and infrastructure at Google. These are the essential building blocks for excellent, safe, and coherent experiences for our users and drive the pace of innovation for every developer. We look across Google’s products to build central solutions, break down technical barriers and strengthen existing systems. As the Core team, we have a mandate and a unique opportunity to impact important technical decisions across the company.

Responsibilities

• Conduct research to identify, analyze, and understand novel security threats, vulnerabilities, and attack vectors targeting AI agents and underlying LLMs (e.g., advanced prompt injection, data exfiltration, adversarial manipulation, attacks on reasoning/planning).
• Design, prototype, evaluate, and refine innovative defense mechanisms and mitigation strategies against identified threats, spanning model-based defenses, runtime controls, and detection techniques.
• Develop proof-of-concept exploits and testing methodologies to validate vulnerabilities and assess the effectiveness of proposed defenses.
• Collaborate with engineering and research teams to translate research findings into practical, scalable security solutions deployable across Google's agent ecosystem.
• Stay current with the AI security, adversarial ML, and related security fields through literature review, conference attendance, and community engagement.