Brex is building the new global standard for financial services, starting with corporate cards. We are designing the product from first principles, enabling us to have unparalleled features and a seamless, modern experience for our customers. With backing from top venture firms and industry veterans such as Peter Thiel and Max Levchin, Brex is one of the fastest-growing startups to date, and we’re looking for someone to help scale the company with incredible people across the board. Building world-class financial services requires world-class security. As an application security engineer, you will be bolstering security by breaking features, frameworks, services and helping build them better. You’d also be doing a lot of automation to detect and prevent security vulnerabilities. Based in San Francisco, our team is committed to creating a driven and diverse company with ambitions people from wide-ranging backgrounds.

We’re looking for individuals with a strong background in threat modeling, pentesting, secure system architecture and automation using scripting. You should demonstrate strong communication skills, autonomy, and ability to work with a variety of stakeholders. 

Responsibilities:

• Integrate, tune and maintain static and dynamic analysis security tools into CI/CD pipelines
• Perform architecture reviews, threat modeling, code reviews and penetration tests for mobile and web products, features and services
• Serve as the application security subject matter expert and help engineering ship more secure code by finding and providing guidance to fix security vulnerabilities
• Develop automation for detection, remediation and containment of security vulnerabilities
• Manage the bug bounty program
• Help design and review security-sensitive aspects of features and 3rd-party integrations that other teams are building
• Train new engineers and evangelize good security habits; ensure best practices (in technology or education/outreach)
• Uphold our high engineering standards and bring consistency to the codebases, infrastructure, and processes you will encounter
• Enable automation of product security testing and find innovative ways to scale the security team
• Evaluate and implement new technologies, tools, and/or development techniques that impact web and mobile security

What We Value:

• Strong background in web and/or mobile security 
• Experience with both breaking and building applications
• Knack for finding flaws in software, can efficiently communicate and help with fixes
• Deep understanding of the web architecture
• Automation and scripting skills
• We work in Elixir and TypeScript, however languages can be learned: we care much more about the general engineering skills than knowledge of a particular language or framework
• Caring about system design and value building things correctly from day one, without cutting corners
• Debugging complex problems across the entire stack
• Taking pride in working on projects to successful completion, involving a wide variety of technologies and systems
• Holding yourself and others to a high bar when working with production systems
• Thriving in a collaborative environment, filled with a diverse group of people with different expertise and backgrounds (we currently have around 30 nationalities represented, with more than ½ the company working in a country different from the one they grew up in)

Engineering at Brex: 

• We work in an environment where it matters to make the right design decisions the first time, and as a result, take on less technical debt than other companies
• Product is a highly collaborative initiative across multiple teams. Engineers are expected to understand and have product input, designing systems towards our long-term product vision
• We'd rather have one strong, well-compensated engineer, instead of having 5 average engineers. Our customers are fine with fewer features, but are not ok with broken features
• We believe in two equal track career growths between senior individual contributors and managers. We want people to contribute where they feel most impactful
• We believe in small, accountable and autonomous teams of amazing people, eager to learn, teach and constantly improve our way of working
• People have a strong sense of ownership and accountability for what they’re building. What we build today will be the foundation for dozens of other systems in the future
• We are very frank on discussing technical matters. If one disagrees with how things are being done, we encourage them to speak up and help us get to the truth faster

Does Brex sound like home? We'd love to meet you! Please share with us details of what you've worked on and what matters to you (personally and from a technical standpoint). Don't worry too much about your resumé. Be genuine, not official.