Google's Security team works to create and maintain the safest operating environment for Google's users and developers. The Abuse and AI Vulnerability Rewards Program (VRP) is a bug bounty program which covers abusive use of Google's systems, including Generative AI systems such as Gemini. The VRP team is responsible for assessing reports from external security researchers, interacting directly with researchers and product teams, deciding on rewards for reporters, and managing the resolution and coordinated disclosure of vulnerabilities.
Requirements
- 5 years of coding experience in one or more general purpose languages.
- 5 years of experience working in a security field such as application security, network security, or incident response.
- Experience with generative AI or similar AI/ML systems.
- Experience working in bug bounties.
Responsibilities
- Assess the validity and severity of externally-reported security and abuse issues, including issues impacting GenAI products.
- Recreate externally-reported security and abuse issues, capturing information required by the product teams to understand and resolve.
- Serve as a point of technical escalation for the first-line triage team.
- Manage communication between researchers and product teams.
- Assess reported bugs to determine impact, and what, if any, reward should be issued to the researcher under VRP rules.
- Participate in the VRP community and engage in cross-team projects to improve the bug bounty experience for all reporters.
Other
- Excellent problem-solving and critical thinking skills with attention to detail in an ever-changing environment.
- Experience working with external parties or in a publicly-facing role.
