Senior Application Security Engineer

At Braze, we have found our people. We're a genuinely approachable, exceptionally kind, and intensely passionate crew.

We seek to ignite that passion by setting high standards, championing teamwork, and creating work-life harmony as we collectively navigate rapid growth on a global scale while striving for greater equity and opportunity – inside and outside our organization.

To flourish here, you must be prepared to set a high bar for yourself and those around you. There is always a way to contribute: Acting with autonomy, having accountability and being open to new perspectives are essential to our continued success.

Our deep curiosity to learn and our eagerness to share diverse passions with others gives us balance and injects a one-of-a-kind vibrancy into our culture.

If you are driven to solve exhilarating challenges and have a bias toward action in the face of change, you will be empowered to make a real impact here, with a sharp and passionate team at your back. If Braze sounds like a place where you can thrive, we can't wait to meet you.

WHAT YOU'LL DO

Braze is seeking a Sr. Application Security engineer to join our team. Braze is a modern, cloud-first, SaaS application company with no classical "legacy" systems. We are seeking an Application Security engineer to work with our existing Application Security staff to better protect our production applications and their related application infrastructure, as well as provide expert level guidance to development teams around secure architecture for their systems.

As a Sr. Application Security Engineer at Braze, you will work on a diverse set of projects including:

• Working with Application Development and Product teams to craft creative security solutions to their architectural proposals
• Managing (in part) a robust and automated vulnerability workflow that includes Bug Bounties, SAST, DAST, and Penetration Tests
• Conduct internal Penetration Tests on Applications and API's in various environments
• End-to-end implementation of Security controls such as WAF's, inline secure coding tools, and bespoke security controls for inbuilt applications
• Investigation and Response to Security incidents
• Sifting through the massive influx of semi-useful AI tools and determining what actually can provide value to an Application Security program

WHO YOU ARE

You are a person who can translate a complex multi-vuln attack chain into plain english, and show a team of developers and product managers proper mitigation strategies while still operating within the confines of their intended systems goal. You have extensive experience discovering vulnerabilities in Web applications and API's, and can demonstrate your ability to chain multiple issues for maximum impact. You are engaged with online Web App/Bug Bounty communities and consume content describing the forefront of application security and vulnerability development.

An good candidate will have:

• 5+ years of experience securing an application at a company at a Sr. IC level.
• Demonstrable experience in consistently locating novel security vulnerabilities in web software
• • 3+ years experience conducting penetration tests both as a single tester and on a team
• 3+ years of experience in application incident response
• Experience with active testing against AI/LLM integrated web applications and API's
• Experience with scripting languages and automation
• Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
• Ability to read and understand Javascript, Ruby, and Kotlin (development level proficiency not required)

An excellent candidate will have:

• Experience with Mail Delivery systems/experience in the MarTech space
• Experience managing a public bug bounty program
• CVE's or published vulnerabilities, and corresponding conference talks
• Involvement with an open source project
• Experience with the review and risk evaluations of 3rd party integrations
• Experience with mobile application penetration testing (including testing methodologies that include location of security vulnerabilities in applications with pinned certificates)

WHAT WE OFFER

Braze benefits vary by location, and we encourage you to review our specific benefits offerings for each country here. More details on benefits plans will be provided if you receive an offer of employment.

From offering comprehensive benefits to fostering hybrid ways of working, we've got you covered so you can prioritize work-life harmony. Braze offers benefits such as:

• Competitive compensation that may include equity
• Retirement and Employee Stock Purchase Plans
• Flexible paid time off
• Comprehensive benefit plans covering medical, dental, vision, life, and disability
• Family services that include fertility benefits and equal paid parental leave
• Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
• A curated in-office employee experience, designed to foster community, team connections, and innovation
• Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
• Employee Resource Groups that provide supportive communities within Braze
• Collaborative, transparent, and fun culture recognized as a Great Place to Work

ABOUT BRAZE

Braze is the leading customer engagement platform that empowers brands to Be Absolutely Engaging. Braze allows any marketer to collect and take action on any amount of data from any source, so they can creatively engage with customers in real time, across channels from one platform. From cross-channel messaging and journey orchestration to Al-powered experimentation and optimization, Braze enables companies to build and maintain absolutely engaging relationships with their customers that foster growth and loyalty.

Braze is proudly certified as a Great Place to Work in the U.S., the UK, Australia, and Singapore. In 2025, we were recognized as one of Built In's Best Places to Work. In 2024, we were included in U.S. News & World Report's Best Companies to Work For (Top 10%) and recognized in Great Place to Work's Fortune Best Medium Workplaces, Fortune Best Workplaces in Technology, Fortune Best Workplaces for Parents, and Fortune Best Workplaces for Women.

Additionally, we were featured in Great Place to Work UK's Best Workplaces, Best Workplaces in Europe, Best Workplaces for Development, Best Workplaces for Wellbeing, Best Workplaces for Women, and Best Workplaces in Technology.

You'll find many of us at headquarters in New York City or around the world in Austin, Berlin, Bucharest, Chicago, Dubai, Jakarta, London, Paris, San Francisco, Singapore, São Paulo, Seoul, Sydney and Tokyo – not to mention our employees in nearly 50 remote locations.

BRAZE IS AN EQUAL OPPORTUNITY EMPLOYER

At Braze, we strive to create equitable growth and opportunities inside and outside the organization.

Building meaningful connections is at the heart of everything we do, and that includes our recruiting practices. We're committed to offering all candidates a fair, accessible, and inclusive experience – regardless of age, color, disability, gender identity, marital status, maternity, national origin, pregnancy, race, religion, sex, sexual orientation, or status as a protected veteran. When applying and interviewing with Braze, we want you to feel comfortable showcasing what makes you you.

We know that sometimes different circumstances can lead talented people to hesitate to apply for a role unless they meet 100% of the criteria. If this sounds familiar, we encourage you to apply, as we'd love to meet you.

Please see ourCandidate Privacy Policy for more information on how Braze processes your personal information during the recruitment process and, if applicable based on your location, how you can exercise any privacy rights.