Application Security Engineer

About the Role

The day-to-day responsibilities of this role will be fast-paced and challenging, requiring a high degree of autonomy and collaboration. You will participate in code reviews, design reviews, and penetration testing, as well as contribute to the development of internal tooling and automation efforts. Your ability to communicate complex security risks to engineering and product teams will be essential in driving the design of secure product features.

Brex is committed to building a diverse and inclusive culture, and this role offers a unique opportunity to work with a talented team of professionals who are passionate about AI-driven financial services. With the company's focus on innovation and customer satisfaction, you will be part of a dynamic environment that values creativity, experimentation, and continuous learning.

What You Will Do

• Identify vulnerabilities across common vulnerability classes, document findings, and communicate risk to drive remediation efforts
• Participate in penetration testing and design reviews alongside senior engineers, contributing to the identification of vulnerabilities and insecure designs
• Contribute to internal tooling and automation efforts that support SAST and DAST testing of the Brex platform
• Collaborate with engineering and product teams to support the design of secure product features
• Participate in code reviews, ensuring that security best practices are followed and vulnerabilities are addressed
• Develop and maintain documentation of security procedures and protocols
• Stay up-to-date with emerging threats and vulnerabilities, applying this knowledge to improve the security posture of the Brex platform
• Collaborate with Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure teams to ensure a comprehensive approach to security
• Apply AI security best practices to help secure Brex's agentic features and identify attack surfaces introduced by LLM-powered systems
• Partner with product and engineering teams to build AI capabilities that customers can trust with their critical financial operations

What We Are Looking For

• 5+ years of experience in application security, with a focus on penetration testing and vulnerability management
• Strong foundation in common vulnerability classes, including OWASP Top 10
• Experience with static and dynamic testing tools, such as SAST and DAST
• Excellent communication and collaboration skills, with the ability to work with cross-functional teams
• Strong problem-solving skills, with the ability to analyze complex security issues and develop creative solutions
• Experience with AI security best practices and the ability to apply these to real-world problems
• Strong understanding of secure development practices and the ability to promote these within the organization
• Experience with cloud-based technologies and containerization, such as Docker and Kubernetes
• Familiarity with compliance frameworks, such as SOC 2 and PCI-DSS

Nice to Have

• Experience with machine learning and artificial intelligence, particularly in the context of security
• Familiarity with Brex's technology stack, including languages such as Python and Java
• Experience with agile development methodologies and DevOps practices
• Certification in a relevant security discipline, such as CISSP or CEH

Benefits and Perks

• Competitive salary and equity package
• Comprehensive health, dental, and vision insurance
• Generous PTO and holiday policy
• Remote work stipend and flexible working hours
• Access to cutting-edge technologies and tools
• Opportunities for professional development and growth
• Collaborative and dynamic work environment
• Recognition and reward for outstanding performance
• Access to mental health and wellness resources

• Tip: Ensure you have a strong foundation in penetration testing and vulnerability management, as these skills are essential for success in this role.
• When applying, be prepared to provide examples of your experience with static and dynamic testing tools, as well as your ability to communicate complex security risks to non-technical stakeholders.
• To stand out, highlight your experience with AI security best practices and your ability to apply these to real-world problems.
• In your portfolio, include examples of your work in application security, including any relevant certifications or training programs you have completed.
• During the interview process, be prepared to discuss your approach to security and how you stay up-to-date with emerging threats and vulnerabilities.
• When negotiating salary, consider the company's overall compensation package, including equity and benefits, rather than just focusing on the base salary.
• Red flag: If the company is not willing to provide a clear understanding of the role's responsibilities and expectations, or if they seem unclear about their security posture and protocols.