Senior DevSecOps Engineer, National Security, Public Sector

Minimum qualifications:

• Bachelor's degree or equivalent practical experience.
• 5 years of experience with Python, Go, or Bash for system automation, middleware creation, and tool integration.
• 5 years of experience in a DevOps or DevSecOps role, including automation and pipeline security.
• 5 years of experience managing containerized environments, orchestration tools (Kubernetes), and infrastructure-as-code (IaC) tools like Terraform or Ansible.
• Ability to travel up to 25% of the time to engage with customers.
• Must possess an active Top Secret/SCI security clearance with current polygraph.

Preferred qualifications:

• Experience with securing AI/ML deployment frameworks (e.g., vLLM, Triton) and auditing underlying short/long-term storage systems like vector databases.
• Experience implementing automated open source intelligence (OSINT) collection systems to transform threat disclosures into actionable signatures or incident response (IR) playbooks.
• Experience deploying advanced container runtime isolation technologies (e.g., gVisor, Kata Containers) and designing strict pod egress network policies.
• Knowledge in supply chain security tools, automated secret governance, and configuring continuous security gates at the pull-request level.
• Familiarity with AI-specific risk frameworks, notably MITRE ATLAS and the open worldwide application security project (OWASP) for LLMs.

About the job:

Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.

As a Senior Development, Security, and Operations (DevSecOps) Engineer, you will bridge the gap between offensive AI security research (Red Team) and defensive platform engineering (Blue Team). You will serve as the core architect of our automated purple-teaming pipeline. You will design the automation that continuously emulates threats, validates guardrails, and deploys real-time containerized and network defenses. The ideal candidate views manual validation as a bug to be fixed and has interest in securing large language models, runtime isolation configurations, and automated detection workflows.Google Public Sector brings the magic of Google to the mission of government and education with solutions purpose-built for enterprises. We focus on helping United States public sector institutions accelerate their digital transformations, and we continue to make significant investments and grow our team to meet the complex needs of local, state and federal government and educational institutions.Individual pay is determined by factors including job-related skills, experience, and relevant education or training.

US: $174000 - $253000 (USD) + 15% bonus target + bonus + equity + benefits

Learn more about benefits at Google.

Responsibilities:

• Establish security baselines for agent construction, engineering strict privilege boundaries and data flow mapping between agents, vector databases, and external systems to prevent data leakage and indirect prompt injections.
• Integrate automated red-team testing workflows (prompt injection, jailbreaking, privilege escalation) directly into deployment pipelines for continuous compliance with MITRE ATLAS, OWASP, and STRIDE.
• Deploy robust container isolation and strict network egress filtering to restrict runtime access, minimizing the exploit blast radius within high-compute GPU/TPU environments.
• Integrate automated security tools, image scanning, and software bill of materials (SBOM) generation into pipelines, leveraging enterprise software for secure secrets management across model artifacts.
• Build and maintain automated code scanners for deep data flow analysis and fuzzing to catch vulnerabilities while minimizing false positives.