GFiber is an Alphabet company that provides Google Fiber and Google Fiber Webpass internet services across the United States. As a Senior Application Security Engineer, you will serve as a technical advisor to secure applications, collaborate with engineering teams on secure code practices, and lead initiatives to enhance security within the development lifecycle.
Responsibilities:
- Manage and optimize core application defenses, including the Web Application Firewall (WAF) and automated vulnerability scanning tools, while monitoring key security metrics
- Architect and maintain security gating processes within the CI/CD pipeline to ensure secure, seamless software delivery
- Govern and secure our growing AI pipeline within the SDLC by implementing input/output monitoring, context controls, and safety guardrails around AI-generated code
- Partner with development teams to remediate vulnerabilities, scale the security champions program, and co-lead our public bug bounty initiative
- Mentor junior engineers and analysts, and occasionally present security postures, trends, and program milestones to upper management
Requirements:
- Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience
- 5 years of experience with managing Web Application Firewalls (WAF) and integrating automated security gating into CI/CD pipelines
- Experience with vulnerability management and cloud-hosted application security scanning tools
- Experience collaborating directly with software development teams on threat mitigation
- Experience with scripting or programming languages (i.e., Python, Java, Kotlin) to automate security processes
- Experience implementing security guardrails, context controls, or monitoring for Large Language Models (LLMs) and AI-assisted development tools
- Experience leading or growing a security champions program or a bug bounty platform
- Experience mentoring junior security professionals or teaching secure coding practices to engineering teams
- Experience analyzing technical security risks and presenting metrics or findings to upper management
- Knowledge of ISP infrastructure, web-scale networks, or cloud environments (e.g., GCP, AWS)