job description
Join Google as a Senior Information Security Engineer specializing in Product Security and play a pivotal role in safeguarding one of the worldâs most trusted technology ecosystems. Based in the vibrant and dynamic regions of Bali, Indonesia (with flexibility to work from Canggu, Ubud, Denpasar, or other key areas), youâll collaborate with cross-functional teams to identify vulnerabilities, implement cutting-edge security solutions, and drive automation to fortify Googleâs core products against evolving threats.
This is a unique opportunity to leverage your expertise in application security, threat modeling, and secure coding practices while contributing to high-impact projects that shape the future of digital security. Google offers a remote-first work environment with the option to engage in local tech communities, ensuring a perfect blend of professional growth and work-life balance in paradise.
Why this role? Because at Google, security isnât just a featureâitâs the foundation of everything we build. Your work will directly influence the safety and trust of billions of users worldwide.
Responsibility
- Security Architecture & Design: Develop and enforce security best practices for Googleâs products, ensuring robust protection against threats.
- Vulnerability Assessment: Conduct regular security audits, penetration testing, and code reviews to identify and mitigate risks.
- Automation & Tooling: Build and deploy automated security tools to streamline threat detection and response.
- Threat Modeling: Proactively assess potential security risks and design countermeasures for new and existing systems.
- Incident Response: Lead investigations into security breaches and implement remediation strategies.
- Cross-Functional Collaboration: Partner with engineering, product, and legal teams to embed security into every phase of development.
- Compliance & Standards: Ensure adherence to global security standards (e.g., ISO 27001, NIST, GDPR).
- Mentorship & Training: Educate teams on secure coding practices and emerging security trends.
Qualifications
- 5+ years of experience in Information Security, Product Security, or Application Security.
- Deep expertise in secure coding (Python, Java, Go, C++), OWASP Top 10, and web/mobile security.
- Hands-on experience with static/dynamic analysis tools (e.g., Burp Suite, OWASP ZAP, SAST/DAST).
- Strong knowledge of cloud security (GCP, AWS, Azure) and containerization (Docker, Kubernetes).
- Familiarity with cryptography, authentication protocols, and zero-trust architectures.
- Certifications such as CISSP, CEH, OSCP, or CSSLP are a plus.
- Proven ability to automate security processes using scripts or custom tools.
- Excellent communication skills to articulate complex security concepts to non-technical stakeholders.