Google

Staff Security Engineer, Third Party Security Diligence

Technology | Singapore | Onsite | Posted 2 weeks ago

About the role

Staff Security Engineer focused on third-party vendor security diligence across Alphabet. Leads enterprise security initiatives by assessing vendor security postures, automating risk workflows, and mentoring security engineers to uphold Alphabet's security standards.

Key Responsibilities

  • Establish a foundational framework for Third-Party Security Diligence (3PSD) engineering to automate and integrate security requirements seamlessly into the broader One Third Party Risk Management (TPRM) ecosystem.
  • Architect AI/ML-driven automation to accelerate vendor onboarding velocity and implement a centralized data engine that provides executive-level visibility and granular risk metrics across Alphabet.
  • Manage complex escalations: act as the primary technical lead for escalations, evaluating edge-case architectures and designing technical roadmaps for high-risk vendors to ensure they meet Alphabet's security standards.
  • Partner with specialized security teams (e.g., Cloud, Identity, SaaS) to conduct holistic reviews and engineer "Golden Path" blueprints for common high-risk third-party scenarios.
  • Provide foundational technical leadership and mentorship to security engineers, driving strategic direction and high-impact risk reduction initiatives across the organisation.

Requirements

  • Bachelor's degree or equivalent practical experience.
  • 8 years of coding experience in one or more general purpose languages (e.g., Python, C, C++, Java, Go).
  • 8 years of experience with security engineering, computer and network security and security protocols.
  • 5 years of experience in security, leading teams in a technical capacity or leading technical risk analysis in an enterprise environment.
  • Experience building, deploying, and reviewing automation for complex security workflows, including use of both AI-driven and traditional automation tools.
  • Experience in technical leadership and knowledge of relevant enterprise security domains, particularly in threat modeling, security assessments, authentication and access controls, SaaS security, Cloud Security and data protection.
  • Ability to partner with global stakeholders to align technical strategies and security initiatives with broader organizational objectives.