Senior Security Engineer, Applications (Remote)
San Francisco, California, United States
Brex
Spend smarter with integrated corporate cards, expenses, travel, and payments — in 100+ countries.
Why join us
Brex is reimagining financial systems so every growing company can realize their full potential. As the financial OS, we’re building software and services in one place — disrupting long-entrenched institutions with products and experiences that better serve the ambitions of our customers.
Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.
Engineering at Brex
The Engineering team includes Data, IT, Security, and Software, and is responsible for building innovative products and infrastructure for Brex and our customers. We believe that engineers should accelerate the business through technology, and collaborate across multiple teams to accomplish that.
Teams are autonomous, value inclusivity, and are eager to learn, teach, and constantly improve how things work. The software we build today is the foundation for dozens of Brex systems in the future, so engineers have a strong sense of ownership and accountability and take pride in their craft.
What you’ll do
As an Application Security Engineer, you will focus on revealing potential weaknesses and coming up with creative solutions to eliminate entire classes of vulnerabilities, by creating libraries, tools and practices. You will do this by performing code reviews during development, threat modelling during design reviews, and performing security assessments of our live applications. In short, your role will be to build partnerships with other engineering teams, to enable our developers to ship features securely throughout all phases of the SDLC.
We’re looking for individuals with a strong background and interest in securing systems and infrastructure at scale, comfortable in dealing with lots of moving pieces, with a keen eye towards detail, and comfortable learning new technologies. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and needs. We’re looking for someone to help scale the company with incredible people across the board. Building world-class financial services requires world-class security.
Responsibilities
- Contributing security-focused feedback to engineers during all phases of the development lifecycle.
- Participating in and supporting application security reviews and threat modeling, as well as the development of these processes themselves.
- Communicating risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns.
- Deploying, fine-tuning, and automating processes by developing tooling to mitigate application level threats to Brex at scale.
- Collaborating with other engineering teams to drive remediation of security vulnerabilities, while balancing prioritization of security issues within SLAs and teams’ respective product backlogs.
- Owning, operating, and optimizing Brex’s bug bounty program to ensure our program is a leader in this space.
Requirements
- Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
- 5+ years experience in security testing of web applications and native apps
- Familiarity with common security libraries, security controls, and common security flaws.
- Basic development or scripting experience and skills. While not primarily a development role, you will create scripts and contribute to the development and improvement of tooling.
- Caring about system design and valuing building things correctly from day one, without cutting corners.
- Thriving in a collaborative environment, filled with a diverse group of people with different expertise and backgrounds (we currently have around 30 nationalities represented, with more than ½ the company working in a country different from the one they grew up in).
Tags: Application security Computer Science Scripting SDLC Security assessment SLAs Vulnerabilities
Perks/benefits: Career development