Google is a leader in technology and innovation, and they are seeking a Senior DevSecOps Engineer for their National Security Public Sector team. In this role, you will focus on creating a secure operating environment, bridging offensive and defensive security practices, and automating security processes to protect sensitive data and systems.
Responsibilities:
- Establish security baselines for agent construction, engineering strict privilege boundaries and data flow mapping between agents, vector databases, and external systems to prevent data leakage and indirect prompt injections
- Integrate automated red-team testing workflows (prompt injection, jailbreaking, privilege escalation) directly into deployment pipelines for continuous compliance with MITRE ATLAS, OWASP, and STRIDE
- Deploy robust container isolation and strict network egress filtering to restrict runtime access, minimizing the exploit blast radius within high-compute GPU/TPU environments
- Integrate automated security tools, image scanning, and software bill of materials (SBOM) generation into pipelines, leveraging enterprise software for secure secrets management across model artifacts
- Build and maintain automated code scanners for deep data flow analysis and fuzzing to catch vulnerabilities while minimizing false positives
Requirements:
- Bachelor's degree or equivalent practical experience
- 5 years of experience with Python, Go, or Bash for system automation, middleware creation, and tool integration
- 5 years of experience in a DevOps or DevSecOps role, including automation and pipeline security
- 5 years of experience managing containerized environments, orchestration tools (Kubernetes), and infrastructure-as-code (IaC) tools like Terraform or Ansible
- Ability to travel up to 25% of the time to engage with customers
- Must possess an active Top Secret/SCI security clearance with current polygraph
- Experience with securing AI/ML deployment frameworks (e.g., vLLM, Triton) and auditing underlying short/long-term storage systems like vector databases
- Experience implementing automated open source intelligence (OSINT) collection systems to transform threat disclosures into actionable signatures or incident response (IR) playbooks
- Experience deploying advanced container runtime isolation technologies (e.g., gVisor, Kata Containers) and designing strict pod egress network policies
- Knowledge of supply chain security tools, automated secret governance, and configuring continuous security gates at the pull-request level
- Familiarity with AI-specific risk frameworks, notably MITRE ATLAS and the Open Worldwide Application Security Project (OWASP) for LLMs