AppSec Jobs
← Back to all jobs

X, The Moonshot Factory

Security Engineer, AppSec (Tapestry)

Hybrid
Mountain View, CAPosted 1 week ago$147,000 - $255,000 + bonus + equity + benefitsWebsite
Apply on LinkedIn →

At a Glance

5+ years experienceGCPPythonJavaGoSAST

About This Role

As an Application Security Engineer, you will integrate security design principles directly into the product development lifecycle. You will work across the entire Tapestry platform, helping the team design and implement secure-by-default software architectures. You will sit with engineering teams to perform deep architectural reviews and build security automation that protects our source code integrity and system availability. This is an opportunity to design and scale security engineering foundations that empower teams to move quickly without compromising safety or system integrity. Tapestry is Alphabet's moonshot for the electric grid, working at the frontier where energy's complexity meets AI's potential. We were born at X, the innovation lab responsible for breakthrough technologies like Waymo, Verily and Google Brain. To keep pace with humanity's growing energy needs, the world needs a grid that is visible and understandable. We provide that clarity by building advanced, AI-enabled analytical and planning tools that allow the entire energy ecosystem to plan smarter, move faster, and operate more efficiently—ensuring electricity remains reliable and affordable for everyone.

Responsibilities

  • Design and implement robust security automation and tooling to secure the "code-to-cloud" stack, including GitHub and CI/CD pipelines.
  • Partner with Product, Legal, and Engineering to lead deep architectural reviews and launch assessments for all product features.
  • Drive the implementation of secure code practices and developer-centric security guardrails across the energy domain.
  • Interface with external partners to refine technical security requirements for Energy Sector infrastructure integrations.
  • Navigate ambiguity to solve complex security problems at scale, ensuring safety is a core component of our engineering DNA.

Requirements

GoJavaPythonSASTDASTGCP
  • Bachelor's degree in Computer Science, Software Engineering, or related field.
  • 5+ years of experience building enterprise-grade complex software systems with a focus on Application Security.
  • Proficiency in at least one major language (Go, Java, or Python) to develop and deploy security tooling.
  • Experience with secure SDLC, including automated code analysis (SAST/DAST), secret scanning, and vulnerability management.
  • Ability to work effectively with cross-functional teams of engineers, scientists, and PMs to implement technical security controls.
  • Experience securing high-scale applications on Google Cloud Platform (GCP) - nice to have
  • Knowledge of software-defined network defense and zero-trust security models - nice to have
  • Experience working in a startup/early-stage company with rapidly changing requirements - nice to have

Benefits & Perks

Competitive salary and equity
Medical, dental, and vision coverage
Generous PTO and flexible hybrid work model
401(k) with employer contribution
Professional development
The ability to work on important real-world problems within an Alphabet-backed environment

About X, The Moonshot Factory

X, The Moonshot Factory (X Development LLC), is Alphabet's research and development lab based in Mountain View, California. Founded in January 2010, its mission is to create innovative technologies that address significant global challenges. Under the leadership of CEO Astro Teller, X focuses on transforming ambitious ideas into practical solutions in areas such as mobility, connectivity, climate, and sustainability. X operates as a "moonshot factory," rapidly prototyping concepts in its design kitchen, where initial sketches can become functional prototypes in just days. The lab emphasizes a unique approach to innovation, prioritizing the most challenging problems and learning from early project failures. Notable projects include Wing, which develops autonomous delivery drones, and Dandelion, which offers affordable geothermal heating systems. X collaborates with partners for real-world testing and aims to spin out successful projects as independent companies. With a team of around 250-499 employees, X generates significant revenue while pursuing its goal of making the world a better place through technology.

Industry

research

Employees

3,100

136 engineers

Revenue

$287M

Website

Visit →

Security at X, The Moonshot Factory

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Stated AppSec Mission: 'integrate security design principles directly into the product development lifecycle.' – X Careers (https://x.company/careers/8450061002/), Job Post. Developer Enablement: 'drive the implementation of secure code practices and developer-centric security guardrails' – X Careers (https://x.company/careers/8450061002/), Job Post. Risk Philosophy: 'sit with engineering teams to perform deep architectural reviews' – X Careers (https://x.company/careers/8450061002/), Job Post. Stated Pain Points or Goals: Information not publicly available.

Security Team

Org Structure & Reporting Line: Information not publicly available. Key Public-Facing Leaders: Information not publicly available. Team Size Estimate (as_of:): Information not publicly available. Active AppSec Job Postings (as_of:): Count: 1. Common Skill/Tool Patterns: 'Experience with secure SDLC, including automated code analysis (SAST/DAST), secret scanning, and vulnerability management.' – X Careers (https://x.company/careers/8450061002/), Job Post.

Key Initiatives

Security Champions Program: No Evidence Found. 'Shift Left' in Practice: 'Design and implement robust security automation and tooling to secure the "code-to-cloud" stack.' – LinkedIn (https://www.linkedin.com/jobs/view/security-engineer-appsec-tapestry-at-x-the-moonshot-factory-4380094480), Job Post. Vulnerability Management Process: 'Experience with... vulnerability management.' – X Careers (https://x.company/careers/8450061002/), Job Post. Secure SDLC Artifacts: 'sit with engineering teams to perform deep architectural reviews' – X Careers (https://x.company/careers/8450061002/), Job Post. Recent Initiatives (Last 6 Months): Information not publicly available.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.

Interested in this role?

Apply on LinkedIn