Application Security Engineer

Remote

Why join us

Brex is the intelligent finance platform that enables companies to spend smarter and move faster in more than 200 markets. By combining global corporate cards and banking with intuitive spend management, bill pay, and travel software, Brex enables founders and finance teams to accelerate operations, gain real-time visibility, and control spend effortlessly. Brex’s AI-native automation and world-class service eliminate manual expense and accounting tasks for customers so they can focus on what matters most. Tens of thousands of the world's best companies run on Brex, including DoorDash, Coinbase, Robinhood, Zoom, Plaid, Reddit, and SeatGeek.

Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As an Application Security Engineer, you will contribute to finding and responding to security vulnerabilities across the Brex platform. In this role, you will participate in code reviews, design reviews, penetration testing, and vulnerability management. You will contribute to tooling that performs static and dynamic testing of the Brex platform and supports secure developer workflows. Application Security is part of our wider Financial Scale organization, which means you will work closely with Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure teams.

We're looking for individuals with a solid foundation in penetration testing and a curiosity for finding vulnerabilities in complex systems. You should have experience identifying and documenting vulnerabilities across common vulnerability classes and be able to communicate their risk clearly to engineering and product teams. This role is highly cross-functional — you'll have the opportunity to collaborate with engineering teams across Brex and grow your security expertise in a fast-moving environment.

Brex is pioneering the next wave of AI-driven financial services for dynamic, high-impact companies like Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will give you hands-on experience contributing to AI security at Brex. You'll apply emerging AI security best practices to help secure our agentic features, identify attack surfaces introduced by LLM-powered systems, and partner with product and engineering teams to build AI capabilities our customers can trust with their critical financial operations.

Responsibilities

  • Identify vulnerabilities across common vulnerability classes (e.g., OWASP Top 10), document findings clearly, and communicate risk to drive remediation efforts
  • Participate in penetration testing and design reviews alongside senior engineers, contributing to the identification of vulnerabilities and insecure designs
  • Contribute to internal tooling and automation efforts that support SAST and DAST testing of the Brex platform and promote secure development practices
  • Collaborate with engineering and product teams to support the design of secure product features
  • Actively contribute to a culture of security awareness through knowledge sharing and peer learning

Requirements

  • 4+ years of work experience in Application Security or a related role
  • Demonstrated ability to find and document vulnerabilities in complex systems, with clear communication of business risk
  • Hands-on experience with a subset of secure development activities, such as code review, threat modeling, or penetration testing
  • Experience identifying security risks in AI/ML systems — such as prompt injection, model manipulation, or data poisoning — through work experience, personal projects, CTFs, or bug bounties
  • Familiarity with agentic workflows and the ability to reason about attack surfaces introduced by LLM-powered features
  • Knowledge of Python or scripting languages to automate tasks and build tooling
  • Collaborative mindset paired with strong written and verbal communication skills

Bonus points

  • Experience with Kotlin, gRPC, GraphQL, Kubernetes
  • Previous experience as a software engineer
  • Experience with securing distributed systems in AWS and cloud environments
  • Experience with web application security reviews
  • Contributions to the wider technical community — open source, public research, CTF participation, blogging, CVEs, or presentations
  • Experience submitting to bug bounty or responsible disclosure programs
  • Published AI security research or contributions to AI security frameworks

Compensation

The expected salary range for this role is $152,000 - $190,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Please be aware, job-seekers may be at risk of targeting by malicious actors looking for personal data. Brex recruiters will only reach out via LinkedIn or email with a brex.com domain. Any outreach claiming to be from Brex via other sources should be ignored.