Engineering Manager, Security Engineering

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As the Head of Security Engineering, you will lead and support exceptional Application Security and Security Operations teams to grow a world-class security program at Brex. Our goal is to provide a secure environment for customers and staff where the default way is the easiest and most secure, while securing Brex's expansion to enterprise customers and novel AI/agentic implementations. We're looking for a servant leader who values growing the people on their teams alongside a strong desire to develop collaborative and effective organizations.

Where you’ll work

This role will be based in our New York office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of two coordinated days in the office per week, Wednesday and Thursday. Starting February 2, 2026, we will require three days per week in office - Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Build, lead, and grow successful security engineering teams across Application Security and Security Operations domains, with strong commitment to recruiting great talent. Recruiting is everyone's responsibility at Brex.
• Drive security strategy and roadmap for vulnerability prevention, secure product lifecycle, detection automation, and security operations across corporate security, detection & response, and infrastructure security domains.
• Set direction for engineering team strategy, share context by elaborating the "why", empower everyone to achieve their best work, and drive execution of security projects while setting clear expectations.
• Guide teams to build and deliver high-quality security tooling and automated solutions at scale, including contributing to and maintaining the team's open source project Substation.
• Inspire a collaborative culture across highly cross-functional teams, working with engineering leaders across Brex and upholding high engineering standards while operating calmly under pressure during security incidents.

Requirements

• 3+ years of experience in an engineering leadership role managing security engineering teams with demonstrated autonomy and self-direction as a strong M1-level manager. 
• Strong software engineering background with coding ability and passion for security. Expected to contribute to development of security tooling and act as maintainer for open source projects.
• Strong cross-functional leadership with exceptional stakeholder management skills. You genuinely enjoy working with others and have a track record of successfully delivering complex projects across multiple teams in fast-paced environments. Excitement to work collaboratively with engineering partners, product, fraud, legal, GTM, and GRC teams.
• People-centered management philosophy that empowers engineers to do their best work by providing context, clarity, and support. You enable your team's work to scale by coaching and developing talent, not micromanaging. Strong leading and coaching abilities are essential for this role.
• Excellent written and verbal communication skills paired with a collaborative mindset. You can convey complex security concepts clearly to both technical and non-technical audiences.
• Experience managing up and out - you can effectively communicate with leadership, influence without authority, and build strong relationships across all organizational levels.
• Comfortable with ambiguity and change - you're flexible and thrive in environments where priorities shift and you need to navigate uncertainty.
• Deep experience with application security competencies including secure development lifecycle, threat modeling, vulnerability management, penetration testing, and red/purple teaming.
• Experience with security operations including alert triage, incident response, detection engineering, SIEM/log aggregation, and deploying security monitoring systems.
• Knowledge of Python, scripting languages, and AI/agentic approaches to build tools and automate security tasks.

Bonus points

• Proficiency with Kotlin, gRPC, GraphQL, Kubernetes, or Go.
• Previous experience as a software engineer or in consultancy performing web application security reviews.
• Experience with AWS and securing distributed systems in cloud environments.
• Experience with pentesting and securing agentic features and AI systems.
• Contributions to the wider technical community through open source projects, public research, blogging, conference presentations, or community organizing.
• Experience managing bug bounty programs.
• Familiarity with modern security tooling stack including Terraform, Tines, EDR solutions, Wiz, Crowdstrike, and SIEM platforms.
• You champion security best practices while enabling developer velocity and creating intuitive, secure-by-default experiences.

Compensation

The expected salary range for this role is $240,000 - $300,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.