The Software Engineer, External API Security role at Google focuses on eliminating product authorization vulnerabilities through the development of secure frameworks and AI-assisted security scanning systems. The position is part of the Information Security Engineering, Authorization team, which aims to protect user data and secure Google's public-facing API boundaries. The engineer will work on designing secure-by-default systems and driving remediation campaigns to mitigate risks. This role requires collaboration with various teams to establish secure API deployment architectures.

• Bachelor's degree or equivalent practical experience.
• 2 years of experience with software development in one or more programming languages, or 1 year of experience with an advanced degree.
• 2 years of experience building software for security, such as vulnerability analysis or identity and access management.

• Develop and improve AI-assisted API vulnerability scanning systems and automated launch checkers to identify authorization bypasses.
• Drive central remediation campaigns to address systemic vulnerability classes without disrupting product teams.
• Collaborate with core infrastructure and product teams to create secure-by-default API deployment architectures.
• Build and maintain infrastructure for security policy enforcement and monitoring.
• Analyze emerging authorization bypass patterns and evaluate AI systems to enhance API access controls.

• Employees at Google are often offered benefits like comprehensive health insurance, 401(k) matching, and flexible work arrangements, among other benefits.