Application Security Engineer

Job Description: - Identify vulnerabilities across common vulnerability classes (e.g., OWASP Top 10), document findings clearly, and communicate risk to drive remediation efforts

- Participate in penetration testing and design reviews alongside senior engineers, contributing to the identification of vulnerabilities and insecure designs

- Contribute to internal tooling and automation efforts that support SAST and DAST testing of the Brex platform and promote secure development practices

- Collaborate with engineering and product teams to support the design of secure product features

- Actively contribute to a culture of security awareness through knowledge sharing and peer learning

Requirements: - 4+ years of work experience in Application Security or a related role

- Demonstrated ability to find and document vulnerabilities in complex systems, with clear communication of business risk

- Hands-on experience with a subset of secure development activities, such as code review, threat modeling, or penetration testing

- Experience identifying security risks in AI/ML systems — such as prompt injection, model manipulation, or data poisoning — through work experience, personal projects, CTFs, or bug bounties

- Familiarity with agentic workflows and the ability to reason about attack surfaces introduced by LLM-powered features

- Knowledge of Python or scripting languages to automate tasks and build tooling

- Collaborative mindset paired with strong written and verbal communication skills