
Staff Application Security Engineer

Lead technical vision and architecture for Brex's Application Security team. Drive AI/ML security strategy, offensive testing, and secure product lifecycle across engineering orgs. Requires 8+ years in appsec with AI security expertise.

240k – 300k | San Francisco, CA | Security Engineering | Hybrid | 8+ YOE

About the role

Responsibilities

  • Lead the technical vision and strategic roadmap for the Application Security team, aligning security objectives with Brex's enterprise growth and high-velocity engineering metrics.
  • Establish technical standards and secure defaults across the entire engineering organization, fostering a culture of collaborative security excellence and bridging product platforms, infra, and trust.
  • Architect and secure novel AI/ML and agentic workflows, applying cutting-edge practices to mitigate risks such as prompt injection, model manipulation, and data poisoning.
  • Mentor and coach engineers within the team and across the broader organization, guiding technical growth, helping individuals level up their security expertise, and accelerating team delivery.
  • Drive proactive vulnerability discovery and offensive security testing strategies, executing complex attack chains to demonstrate business impact and prioritize cross-functional remediation.
  • Partner with Product Platform, Cloud Infrastructure, and Data engineering teams to ensure core primitives, APIs, and microservices are secure by default from design to deployment.

Requirements

  • 8+ years of experience in Application Security, Product Security, or software engineering with a primary focus on offensive and defensive application security.
  • Proven track record of technical leadership and team mentorship on complex, multi-quarter security engineering initiatives in a fast-paced environment.
  • Deep proficiency and technical expertise in AI security, including hands-on experience securing agentic architectures, LLM gateways, and evaluating adversarial AI vectors.
  • Strong systems-thinking capabilities with extensive experience defining secure product development lifecycles, threat modeling complex topologies, and cloud-native container security (AWS, Kubernetes).
  • Proficiency in Python, Go, or similar languages to architect internal tooling, pipeline automation, and advanced detection/scanning engines.
  • Exceptional written and verbal communication skills, with a demonstrated ability to navigate ambiguity, influence technical leaders, and manage up and out across EPD organizations.

Nice-to-Haves

  • Experience with Kotlin, gRPC, GraphQL, Kubernetes
  • Previous experience in building and scaling security teams
  • Experience with securing distributed systems in AWS and cloud environments
  • Contributions to the wider technical community — open source, public research, CTF participation, blogging, CVEs, or presentations
  • Experience submitting to bug bounty or responsible disclosure programs
  • Published AI security research or contributions to AI security frameworks

Compensation

  • Expected salary range: $240,000 - $300,000 USD
  • Equity and other forms of compensation may be provided as part of a total compensation package.

Skills

Application Security, Penetration Testing, AI Security, LLM Security, Threat Modeling, AWS, Kubernetes, Python, Go, Vulnerability Management

Member of Technical Staff, Trust & Safety Engineer

Trust & Safety Engineer building red teaming systems, content moderation infrastructure, and safety tooling for generative AI models. Requires 3+ years software engineering experience with Python/TypeScript and comfort across the stack from model evals to AWS/GCP infrastructure.

240k – 290k | United States | Security Engineering | Remote | 3+ YOE | S3 | AWS

Staff Security Engineer

Leads technical security design reviews, defines standards for protecting healthcare data, architects automated defenses, and mentors engineering on security practices. Requires exceptional technical judgment in cloud security, AppSec, or data domains.

239k – 275k | United States | Security Engineering | Remote | AWS | Wiz

Staff Software Engineer, Product Security

Leads security integration into AI platform, owns critical code reviews for authentication and access control, architects secure tools, and mentors engineers on security practices. Requires 8+ years in product/application security with proven vulnerability remediation track record.

238k – 312k | San Francisco, CA | Security Engineering | Hybrid | 8+ YOE | AWS | GCP

Staff Software Engineer, Identity & Access Management

Designs and implements identity and access management systems for Snowflake's Data Cloud, focusing on AI security, authentication protocols, and scalable authorization. Requires 10+ years experience with large-scale distributed systems and strong skills in Java/C#/C++.

236k – 339k | Bellevue, WA | Security Engineering | On-site | 10+ YOE | C# | C++

Staff, Security Engineer (App & Product Sec)

Leads security program as first dedicated hire, building roadmap for cloud, app security, and compliance (HIPAA, SOC 2, HITRUST). Improves AWS/GCP security, vulnerability management, IAM, and embeds security in SDLC for high-growth healthcare tech company. Requires 8+ years experience.

235k – 300k | San Francisco, CA +1 | Security Engineering | Hybrid | 8+ YOE | AWS | GCP