Give a detailed description of the Orange Team.

There's not a lot of information out there about what specifically the scope of google's orange team is or what they've done (kind of obvious why...), but in general there are two kinds of penetration testing one would want to do: the obvious one where you ensure that systems that are exposed to the outside world are secure, and the less obvious one where you ensure systems are secure from within.

Think of it this way: what could someone with inside knowledge of the systems and a standard-security level access to them do that would be bad. it's not necessarily about protecting yourself against an evil employee (though that's part of the goal for larger companies), it's about keeping your own architecture honest. You want bad things to be impossible even in principle, not just because you assume no one will bend the rules (whether that's for nefarious purposes or just plain laziness).

My understanding based on what I have heard on the internet is that google's orange team is something like that, that they essentially try to hack google from within using any means they can think of (to your question, I'm guessing short of causing production visible effects), including making calls to internal APIs that are not available externally.

For a large company where many teams and team members are supposed to have different levels of access to different internal resources, this kind of penetration testing helps improve the security of the internal systems architecture. And yes I'm sure the "evil employee" factor looms large over this kind of businesses... imagine what would happen if the wrong person managed to insert a bit of code in a compiler, or a popular browser.

Also, that's got to be a really fun job!