GFiber

Senior Application Security Engineer

GFiber · United States · $157K–$230K/yr

Technology, Information and Internet · 501-1,000 employees

7 h ago
Remote Senior (5-10 yrs) Full-time United States
Log in to apply, save this posting, or score it against your profile with AI.

About the role

The role involves securing applications and development ecosystems by reviewing code and designing secure software delivery pipelines. Key duties include managing WAF, implementing AI safety guardrails, and leading the public bug bounty initiative.

What they look for

Web Application Firewall (WAF) CI/CD Pipeline Security Vulnerability Management Python Java Kotlin AI Security Guardrails Threat Mitigation Bug Bounty Management Cloud Security Secure Coding LLM Monitoring

Requirements

Candidates need a Bachelor's degree in Computer Science or equivalent experience with at least 5 years of experience in WAF and CI/CD security gating. Proficiency in scripting languages like Python or Java and experience with cloud-hosted security scanning tools are required.

Benefits

Bonus Benefits

Full description

At GFiber, we believe that great internet has the power to drive innovation, strengthen communities, enable the impossible, and do all the everyday things that make all of our world go round. And the job of creating better internet is never done - so we’re growing! Our team is committed to building a place where people who want to make a difference can grow their careers and find their spot to belong.

GFiber is an Alphabet company that brings Google Fiber and Google Fiber Webpass internet services to homes and businesses across the United States. Our teams are expanding as we connect more cities and people to exceptional internet.

The application window will be open until at least July 19th, 2026. This opportunity will remain online based on business needs which may be before or after the specified date.

This role is not eligible for immigration sponsorship.

Role Description

As a Senior Application Security Engineer, you will be a core technical advisor for securing GFiber’s applications and development ecosystems. You will partner closely with engineering teams to review code, secure software delivery pipelines, and design frameworks that make writing secure code the path of least resistance. You will lead initiatives ranging from managing threat detection boundaries to establishing cutting-edge AI integrations within our development lifecycle. This is a highly collaborative role where you will influence engineering practices, champion security culture across teams, and occasionally share strategic insights with senior leadership.

In this role, you’ll:

  • Manage and optimize core application defenses, including the Web Application Firewall (WAF) and automated vulnerability scanning tools, while monitoring key security metrics.
  • Architect and maintain security gating processes within the CI/CD pipeline to ensure secure, seamless software delivery.
  • Govern and secure our growing AI pipeline within the SDLC by implementing input/output monitoring, context controls, and safety guardrails around AI-generated code.
  • Partner with development teams to remediate vulnerabilities, scale the security champions program, and co-lead our public bug bounty initiative.
  • Mentor junior engineers and analysts, and occasionally present security postures, trends, and program milestones to upper management.

At a minimum, we would like you to have:

  • Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience.
  • 5 years of experience with managing Web Application Firewalls (WAF) and integrating automated security gating into CI/CD pipelines.
  • Experience with vulnerability management and cloud-hosted application security scanning tools.
  • Experience collaborating directly with software development teams on threat mitigation.
  • Experience with scripting or programming languages (i.e., Python, Java, Kotlin) to automate security processes.

It’s preferred if you have:

  • Experience implementing security guardrails, context controls, or monitoring for Large Language Models (LLMs) and AI-assisted development tools.
  • Experience leading or growing a security champions program or a bug bounty platform.
  • Experience mentoring junior security professionals or teaching secure coding practices to engineering teams.
  • Experience analyzing technical security risks and presenting metrics or findings to upper management.
  • Knowledge of ISP infrastructure, web-scale networks, or cloud environments (e.g., GCP, AWS).

The US base salary range for this full-time position is between $156,900 - $229,700 + bonus + benefits. As pay varies by location, your recruiter will share more about the specific salary range for your targeted location during the hiring process.

#LI-DNI

GFiber is committed to equal opportunity employment regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, citizenship, marital status, disability or Veteran status. Disclosure is voluntary, and this information will be kept confidential in compliance with Google's Candidate Privacy Policy. For more information please refer to our Equal Employment Opportunity Policy and the EEOC's "Know your rights: workplace discrimination is illegal" (PDF).

It's important to us to create an accessible, inclusive workplace for everyone. If you have a need that requires accommodation, please let us know by completing our accommodations for applicants form. Our candidate accommodations team will then connect with you to confidentially discuss your options.