HiringCafe
Posted 6d ago

Principal Engineer, Product Security

@ Google
View All Jobs
Sunnyvale or New York
$307k-$427k/yrOnsiteFull Time
Responsibilities:Lead strategy, Architect defense, Define roadmap
Requirements Summary:Bachelor's in CS/engineering or equivalent; 15+ years software engineering; experience protecting systems; experience in vulnerability management, posture management, or risk analysis.
Technical Tools Mentioned:vulnerability scanning tools, security policy engines, AI/ML security concepts, cloud security
Save
Mark Applied
Hide Job
Report & Hide
Job Description
Note: By applying to this position you will have an opportunity to share your preferred working location from the following: Sunnyvale, CA, USA; New York, NY, USA.

Minimum qualifications:

  • Bachelor's degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience
  • 15 years of experience in software engineering, with 8 years in a technical engineering role
  • Experience with protecting systems
  • Experience in vulnerability management, posture management, or risk analysis

Preferred qualifications:

  • Master's degree in Electrical Engineering, Computer Engineering, or Computer Science
  • Experience motivating others to act by creating a shared sense of vision or purpose, creating a compelling vision for the future, communicating clearly, and employing a collaborative leadership approach
  • Experience leading a distributed team of engineers across organizations, providing clarity and alignment across the organization on goals, outcomes, and timelines
  • Experience with Agentic AI/ML systems and their unique security implications, including policy-based authorization
  • Entrepreneurial and strategic mindset, thriving at the intersection of technology and business with broad technical experience

About the job

As the Principal Engineer for the Product Security team in Privacy, Safety, and Security, you will lead the architectural design for autonomous remediation, creating the "well-lit paths" and policy engines that allow Google to address both software vulnerabilities and systemic misconfigurations safely and at scale. This role requires navigating the complex trade-offs between security and reliability, ensuring that autonomous defense actions do not disrupt Google’s global services. As AI-powered vulnerability discovery begins to outpace traditional human-led remediation—a shift known as the Vuln-Apocalypse—Google requires a new paradigm for defensive security. In this role, you will lead the technical vision for Google’s security posture in an increasingly agentic world. You will bridge the gap between "agentic attackers" that identify risks at near-zero cost and the high-friction environment of manual production fixes.

You will help design a multi-year engineering roadmap, balancing short- and long-term goals and investments, to ensure that Google is well-positioned to continue to protect users while the overall ecosystem continues to grow in complexity and be disrupted by AI.

To be effective in this role, you must be able to flex across both technical and strategic efforts, be comfortable with ambiguity, be an exceptional communicator, be able to build strong relationships and collaborate across functions, have a strong bias to action, and deeply care about our users.

The Core team builds the technical foundation behind Google’s flagship products. We are owners and advocates for the underlying design elements, developer platforms, product components, and infrastructure at Google. These are the essential building blocks for excellent, safe, and coherent experiences for our users and drive the pace of innovation for every developer. We look across Google’s products to build central solutions, break down technical barriers and strengthen existing systems. As the Core team, we have a mandate and a unique opportunity to impact important technical decisions across the company.

The US base salary range for this full-time position is $307,000-$427,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

  • Lead the technical vision and multi-year roadmap for Google’s transition to autonomous defense, ensuring security posture can scale alongside AI-driven threats and the development of roadmaps for well-lit paths across tech stacks in these domains.
  • Work with cross-functional leaders of the security domains to get alignment on the roadmaps and enable execution against those, and directly help lead the execution against strategy for some critical projects and areas, partnering with the relevant engineering and cross-functional directors and technical leaders.
  • Develop a comprehensive strategy for Google's scanning and detection ecosystem, defining the optimal mix and integration of internally developed 1P scanning technology with acquisitions and products from the Cloud Security portfolio.
  • Architect the "agentic defender" framework, creating the safety guardrails and policy engines that allow for the autonomous remediation of tier-3 and P1 vulnerabilities.
Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Google's EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know by completing our Accommodations for Applicants form.