Google is looking for an Ads Threat Intelligence Security Developer to help strengthen the security of its advertising infrastructure. This is a full-time on-site role based in Toronto, ON or Waterloo, ON. In this position, you will work directly with a team of developers, analysts, and product managers to analyze and address security vulnerabilities in Google Ads and third-party advertising products. You'll focus on identifying, investigating, and mitigating threats such as malvertising, ad fraud, and security vulnerabilities within Google’s advertising environment.

As an integral part of Google's Security team, you will play a key role in creating and maintaining a safe operating environment, working across teams to proactively address security challenges, and developing scalable threat intelligence platforms to protect users and advertisers alike.

Key Responsibilities

• Investigate a variety of events (e.g., suspicious activity or security incidents) to determine if they pose a threat to Google users or its advertising systems.
• Identify, analyze, and document signals of malicious behavior, understanding the tactics, techniques, and procedures (TTPs) of adversary actors targeting Google Ads products.
• Produce detailed threat reports and provide real-time analysis to assist the broader security and product teams in responding to emerging threats.
• Build and improve tools for analyzing malvertising and ad abuse attacks.
• Focus on identifying and tracking adversaries who exploit vulnerabilities in the ad ecosystem, utilizing data-driven approaches to analyze large-scale ad activity.
• Improve detection systems and capabilities to better spot new forms of malicious ads or abuse tactics.
• Take ownership of the analysis efforts for one or more threat actors, becoming the subject matter expert (SME) on their tactics and how they might affect Google’s ad products.
• Lead efforts to disrupt adversary activity, develop defensive measures, and track their evolving methods to anticipate new threats.

Vulnerability Identification and Risk Assessment

• Identify and assess security vulnerabilities in Google Ads products and other ad-serving systems.
• Work with engineering teams to evaluate the security risks associated with new products and features, ensuring any weaknesses are addressed early in the development process.

Collaboration and Cross-Functional Work

• Partner closely with software engineers, security teams, and product managers to integrate security considerations into the development lifecycle of advertising products.
• Help define anti-abuse strategies, contribute to security reviews, and ensure that threats are proactively mitigated across Google's ad platforms.

Minimum Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• At least 1 year of experience in security assessments, security design reviews, or threat modeling.
• 1+ year of coding experience in at least one general-purpose programming language (e.g., Python, Java, C++, Go).
• Experience in responding to security incidents, identifying threats, and conducting security analysis.
• Familiarity with tools and techniques for analyzing and detecting malicious behavior in a complex environment.

Preferred Qualifications

• 2+ years of experience in a role where you responded to security issues, conducted security research, and performed front-line analysis of threats.
• Penetration testing, web application security testing, and vulnerability scanning experience are strongly preferred.
• Expertise in malware analysis and the ability to investigate web-based exploits and ad abuse patterns.
• Solid understanding of web technologies (e.g., HTTP, TCP, JavaScript) and how they relate to security vulnerabilities in ad-serving platforms.
• Experience with signals development, threat modeling, and threat hunting techniques to identify and mitigate emerging security threats.

Familiarity with Google Ads and Ad Serving Platforms

• Familiarity with ad serving technologies and platforms (e.g., Google Ads), and understanding of how adversaries target and exploit these systems.

About the Security Team
At Google, the Security team plays a critical role in ensuring the safety and integrity of Google’s services, including protecting highly sensitive data, keeping systems hardened against cyberattacks, and proactively identifying and addressing security flaws. As part of the Security team, you will contribute to building safer systems through collaboration with engineers and other security experts, responding to complex security issues, and helping design defensive strategies to keep Google’s infrastructure secure.

You will have an opportunity to

• Investigate advanced threats in the context of one of the world’s largest advertising platforms.
• Develop innovative tools to combat ad fraud, malvertising, and other forms of ad abuse.
• Collaborate with top experts to improve Google’s threat intelligence platform, helping protect millions of users worldwide.

Why Google?

1. Impactful Work. You’ll be working on one of the most important security challenges: protecting Google Ads and its users from complex security threats.
2. Innovative Environment. Google’s cutting-edge technologies and data-driven approach ensure you’ll be at the forefront of security innovation, solving some of the most challenging cybersecurity problems in tech.
3. Diversity and Inclusion. Google is committed to building a diverse team where all employees are encouraged to bring their unique perspectives to work, fostering a collaborative and inclusive work culture.
4. Career Growth. Google offers continuous learning and development opportunities, ensuring that you stay at the top of your field and have the chance to grow within the company.

Google Equal Opportunity Commitment. Google is proud to be an equal opportunity workplace. The company is committed to affirmative action and providing equal employment opportunities regardless of race, gender, sexual orientation, age, disability, or other protected statuses. Google also ensures that its hiring processes are accessible for applicants with disabilities or special needs.