Software Engineer, External API Security

Google Google · Big Tech · New York, NY +1

This role focuses on securing Google's external API boundaries by developing AI-assisted security scanning systems, driving remediation campaigns, and collaborating with product teams to establish secure-by-default architectures. The engineer will build and maintain infrastructure for security policy enforcement and analyze authorization bypass patterns, potentially evaluating agent-based AI systems.

What you'd actually do

  1. Develop and improve AI-assisted API vulnerability scanning systems, framework improvements, and automated launch checkers to proactively identify authorization bypasses.
  2. Drive central remediation campaigns to remediate systemic vulnerability classes without putting undue churn onto product teams.
  3. Collaborate with core infrastructure and product teams to establish secure-by-default API deployment architectures and to pragmatically reduce risk.
  4. Build and maintain infrastructure and automation for security policy enforcement, monitoring, and regression prevention.
  5. Analyze emerging authorization bypass patterns and evaluate agent-based AI systems to proactively harden API access controls.

Skills

Required

  • software development
  • building software for security
  • vulnerability analysis
  • identity and access management

Nice to have

  • agent-based artificial intelligence systems
  • software security domains
  • secure coding practices
  • security architecture
  • designing, building, or securing web APIs and microservices
  • Go
  • Java
  • Python
  • running automated code refactoring or programmatic remediation campaigns

What the JD emphasized

  • agentic security scanning
  • AI-assisted security scanning systems
  • agent-based AI systems

Other signals

  • AI-assisted security scanning systems
  • agentic security scanning
  • agent-based AI systems