At YouTube, we believe that everyone deserves to have a voice, and that the world is a better place when we listen, share, and build community through our stories. We work together to give everyone the power to share their story, explore what they love, and connect with one another in the process. Working at the intersection of technology and boundless creativity, we move at the speed of culture with a shared goal to show people the world. We explore new ideas, solve real problems, and have fun — and we do it all together.
In this role as a Security Engineer for YouTube, you will help set the focus, direction and impact of YouTube with regards to product and infrastructure security. There is an exciting mix of work to be accomplished across multiple security domains, including security reviews, security education, web application security, vulnerability research, and security data analysis, all with the goal of highlighting and driving down risk.
You will contribute to the security strategy for YouTube, review and develop secure operational practices, provide security guidance for engineers and support staff, lead and consult on security incidents across YouTube products, search for vulnerabilities using techniques like reverse engineering, fuzzing, and static analysis, and explore foundational/Large Language Model (LLM) models for identifying security gaps in product areas.
The ideal candidate should have a Bachelor's degree or equivalent practical experience, 2 years of experience with security assessments or security design reviews or threat modeling, 2 years of experience with security engineering, computer and network security and security protocols, and 2 years of coding experience in one or more general purpose languages.
Preferred qualifications include Technical Security Certifications (OSCP, SANS-SEC460/SEC542/SEC560/SEC588, etc.), experience in development with a focus on Secure Software Development Lifecycle (SSDLC), and understanding of the full software stack from devices to front-end serving stack, back-end, video streaming systems, global networking, crypto, and protocols.