Requirements:

Bachelor's degree in Computer Science, Information Security, a related field, or equivalent practical experience.
5 years of experience in security engineering, offensive security (Red Team/Purple Team), or platform engineering roles.
Experience with infrastructure-as-code and GitOps (e.g., Terraform, Helm, ArgoCD) and cloud-native security orchestration.
Experience with Kubernetes security (e.g., workload isolation, RBAC, network policies) and container orchestration.
Experience in scripting and development languages (e.g., Python, Go) for building custom security tooling, automation, and exploit Proof-of-Concept (PoCs).
Active, or the ability to obtain, a Developed Vetting (DV) UK security clearance.

Nice to haves:

Advanced offensive security certifications (e.g., OSCP, OSEP, OSCE, GXPN).
Experience in conducting full-scope Red Team engagements and Purple Team exercises in cloud-native environments.
Experience developing custom exploits, adversary emulation scenarios, or security automation frameworks for internal testing.
Knowledge of cloud-native logging, monitoring, and Security Information and Event Management (SIEM) integration for detecting sophisticated adversary tactics.
Understanding of Kubernetes attack surfaces, including container escapes, privilege escalation, and lateral movement techniques.
Current and active UK Developed Vetting (DV) Security Clearance.

Design, develop, and maintain the automation platforms and tooling required to execute Red Team operations, Purple Team exercises, and comprehensive attack path reviews.
Create and deploy Proof-of-Concept (PoC) exploits and validations to proactively test and harden cloud infrastructure security.
Collaborate with security engineering and platform teams to build scalable security validation frameworks that integrate seamlessly into CI/CD pipelines.
Analyse complex cloud and Kubernetes architectures to identify and document potential attack vectors, mapping them against threat models to prioritise security improvements.
Support defensive hardening efforts by providing actionable insights and telemetry from security validation exercises, ensuring continuous improvement of detection and response capabilities.

Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.
Google is proud to be an equal opportunity and affirmative action employer.
If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias.