Senior Application Security Engineer

Google Fiber
Summary
Join GFiber's Cybersecurity team as a Senior Application Security Engineer and play a key role in protecting our networks, systems, and data. You will champion secure coding practices, threat modeling, and automated security testing to empower engineering teams. This position focuses on building and improving our secure development lifecycle, leveraging automation, and providing expert guidance. Collaborate with various teams to ensure a holistic approach to security. The role involves integrating security into all phases of the SDLC and driving key projects to enhance GFiber's application security posture. You will also be responsible for evolving threat modeling and security reviews.
Requirements
- Bachelor's degree in Computer Science, Information Security, a related field, or equivalent practical experience
- 7 years of experience in application security, including hands-on experience with secure SDLC practices, threat modeling, vulnerability assessment, and penetration testing
- Direct experience with one or more programming languages (e.g., Java, JavaScript, Kotlin) and experience with code review
- Experience with application security tools and technologies (e.g., SAST, DAST, IAST, SCA, WAF)
Responsibilities
- Champion Secure by Design Principles: Lead the integration of security into all phases of the software development lifecycle (SDLC), from design and threat modeling to secure coding, testing, and deployment, ensuring the "default path" is the secure path for application development
- Lead Application Security Initiatives: Drive key projects to enhance GFiber's application security posture, including the development of security standards, secure coding guidelines, and the implementation of advanced security testing methodologies
- Drive Automation and Tooling: Design, implement, and optimize automated security tools (SAST, DAST, SCA, IAST) and integrate them into CI/CD pipelines to provide rapid feedback to developers and accelerate secure software delivery
- Evolve Threat Modeling and Security Reviews: Establish and lead threat modeling efforts for new and existing applications, conduct in-depth security architecture reviews, and perform manual and automated code reviews to identify and mitigate vulnerabilities
Preferred Qualifications
- Demonstrated success in developing, implementing, and maturing an application security program or significant security features
- Experience building and deploying security solutions in GCP (Google Cloud Platform)
- A deep understanding of common application vulnerabilities (e.g., OWASP Top 10, SANS Top 25), attack vectors, and remediation techniques
- Experience in developing and delivering security training and awareness programs to engineering teams
- Relevant security certifications (e.g., GPEN, CSSLP, GWAPT, GWEB, OSCP, OSWE, OSEP)
- Experience with container security (Docker, Kubernetes) and Infrastructure as Code (IaC) security principles
Benefits
The US base salary range for this full-time position is $157,000 to $230,000 + bonus + cash award + benefits