
Security Engineer, Application Security

Brex

Other Engineering
Canada
Posted on Nov 4, 2023

Why join us

Brex empowers the next generation of businesses with an integrated corporate card and spend management software. We make it easy for our customers to manage every aspect of spending and empower their employees to make better financial decisions from anywhere they live or work. Brex proudly serves tens of thousands of growing businesses, from early-stage startups to enterprise leaders.

Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.

Engineering at Brex

The Engineering team includes Data, IT, Security, and Software, and is responsible for building innovative products and infrastructure for Brex and our customers. We believe that engineers should accelerate the business through technology, and collaborate across multiple teams to accomplish that.

Teams are autonomous and filled with inclusive individuals who are eager to learn, teach, and constantly improve how things work. The software we build today is the foundation for dozens of Brex systems in the future, so engineers have a strong sense of ownership and accountability and take pride in their craft.

What you’ll do

As an Application Security Engineer, you will focus on finding and responding to security vulnerabilities across the Brex platform. In this role, you will perform code reviews, design reviews, penetration testing, and bug bounty management. You will also develop tooling to perform static and dynamic testing of the Brex platform.

We’re looking for individuals with a strong background and interest in penetration testing. You should have a demonstrated ability to find vulnerabilities and write exploits.

Within this role, you will work with every engineering team at Brex. You should be enthusiastic about working with a variety of backgrounds, roles, and needs across Brex. Building a world-class financial service requires world-class security.

Application Security is part of our wider Trust organization, which means you will also have the opportunity to work closely with other security teams, such as Infrastructure Security, Detection and Response, and GRC.

Responsibilities

  • Perform penetration testing and design reviews, looking for vulnerabilities and insecure designs. Work with engineering and product teams to design secure product features.
  • Articulate the risk of specific vulnerabilities and determine prioritization efforts
  • Build internal tools to help automate security efforts and perform SAST and DAST testing of the platform
  • Help manage our third-party bug bounty program. Triage issues, respond to researchers, and track reported vulnerabilities.

Requirements

  • 3+ years work experience in an Application Security role
  • Ability to find vulnerabilities in complex systems
  • Perform a wide range of SDL activities, including threat modeling, developer education, and incident response
  • Knowledge of Python and scripting languages to automate tasks and build tools
  • You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. (We currently have around 30 nationalities represented, with more than ½ the company working in a country different from the one they grew up in.)

Bonus points

  • Proficiency with Kotlin, gRPC and GraphQL
  • Previous experience as a software engineer
  • Consultancy experience performing Application Security reviews
  • Experience with securing distributed systems in AWS and cloud environments
  • Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc.)
  • Experience submitting to Bug Bounty programs

Please be aware, job-seekers may be at risk of targeting by malicious actors looking for personal data. Brex recruiters will only reach out via LinkedIn or email with a brex.com domain. Any outreach claiming to be from Brex via other sources should be ignored.