Security Engineer, Application Security
Canada
Brex
Automate compliance, close the books, and keep everyone on budget in real time — in multiple countries and currencies — with one spend management solution.
Why join us
Brex empowers the next generation of businesses with an integrated corporate card and spend management software. We make it easy for our customers to manage every aspect of spending and empower their employees to make better financial decisions from anywhere they live or work. Brex proudly serves tens of thousands of growing businesses, from early-stage startups to enterprise leaders.
Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.
Engineering at Brex
The Engineering team includes Data, IT, Security, and Software, and is responsible for building innovative products and infrastructure for Brex and our customers. We believe that engineers should accelerate the business through technology, and collaborate across multiple teams to accomplish that.
Teams are autonomous and filled with inclusive individuals who are eager to learn, teach, and constantly improve how things work. The software we build today is the foundation for dozens of Brex systems in the future, so engineers have a strong sense of ownership and accountability and take pride in their craft.
What you’ll do
As an Application Security Engineer, you will focus on finding and responding to security vulnerabilities across the Brex platform. In this role, you will perform code reviews, design reviews, penetration testing, and bug bounty management. You will also develop tooling to perform static and dynamic testing of the Brex platform.
We’re looking for individuals with a strong background and interest in penetration testing. You should have a demonstrated ability to find vulnerabilities and write exploits.
Within this role, you will work with every engineering team at Brex. You should be enthusiastic about working with a variety of backgrounds, roles, and needs across Brex. Building a world-class financial service requires world-class security.
Application Security is part of our wider Trust organization, which means you will also have the opportunity to work closely with other security teams, such as Infrastructure Security, Detection and Response, and GRC.
Responsibilities
- Perform penetration testing and design reviews, looking for vulnerabilities and insecure designs. Work with engineering and product teams to design secure product features.
- Articulate the risk of specific vulnerabilities and determine prioritization efforts
- Build internal tools to help automate security efforts and perform SAST and DAST testing of the platform
- Help manage our third-party bug bounty program. Triage issues, respond to researchers, and track reported vulnerabilities.
Requirements
- 3+ years of work experience in an Application Security role
- Ability to find vulnerabilities in complex systems
- Perform a wide range of SDL activities, including threat modeling, developer education, and incident response
- Knowledge of Python and scripting languages to automate tasks and build tools
- You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. (We currently have around 30 nationalities represented, with more than ½ the company working in a country different from the one they grew up in.)
Bonus points
- Proficiency with Kotlin, gRPC and GraphQL
- Previous experience as a software engineer
- Consultancy experience performing Application Security reviews
- Experience with securing distributed systems in AWS and cloud environments
- Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)
- Experience submitting to Bug Bounty programs
Please be aware, job-seekers may be at risk of targeting by malicious actors looking for personal data. Brex recruiters will only reach out via LinkedIn or email with a brex.com domain. Any outreach claiming to be from Brex via other sources should be ignored.
Tags: Application security AWS Cloud DAST Exploits Incident response Kotlin Open Source Pentesting Python SAST Scripting Vulnerabilities
Perks/benefits: Career development Startup environment Team events