Careers
Build what breaks things.
We're a small team building the inspection layer for the internet. Every deployed app has bugs — we find them, document them, and help fix them. Come build the tools that make software better.
Why BrokenApp
How we work.
Fully remote
Work from anywhere. We're distributed across time zones and async by default.
Engineering-driven
No PMs scheduling your sprint. Engineers own the roadmap, the architecture, and the shipping cadence.
Real impact
Every scan finds real bugs in real apps. Your code directly improves software security across the internet.
Best tools
Latest hardware, any software you need, conference budget, and learning stipend. No approvals required.
The work
What you'll build.
BrokenApp is a Rust CLI that launches headless browsers, crawls web applications, detects vulnerabilities, and generates evidence-backed reports. It ships as a single binary with zero runtime dependencies.
The scanner handles IDOR detection with cross-user replay, N×N auth matrix testing, exposure scanning with 18 regex patterns, business logic flaw detection, GraphQL introspection, and native auth flow testing for Supabase and Firebase.
We integrate with GitHub (issue sync, SARIF, PR comments), support compliance mapping (CWE, OWASP), and export to PDF, Markdown, and CSV. The platform layer handles scheduling, baselines, and team collaboration.
The stack
What we use.
Open roles
Join the team.
Senior Rust Engineer
Core Engine
Build the scanning engine. Browser automation, concurrent crawling, vulnerability detection pipelines. You'll own the core CLI that ships as a single binary.
Security Researcher
Detection
Design and implement new detection strategies. IDOR classification, auth flow analysis, business logic flaw detection. Turn manual pentesting knowledge into automated scanners.
Full-Stack Engineer
Platform
Build the dashboard, API layer, and integrations. GitHub sync, webhook delivery, team management, scheduled scanning. Next.js, TypeScript, PostgreSQL.
Developer Experience Engineer
DevEx
Own the CLI UX, documentation, MCP server, CI/CD templates, and SDK. Make BrokenApp the tool developers actually want to use. Rust + TypeScript.
Don't see your role?
We're always looking for exceptional people. Send us a note about what you'd build.
Get in touch
Culture
What we believe.
Ship daily
Small, frequent changes. Main is always deployable. If it's done, ship it. Iteration beats perfection.
Write it down
Decisions in docs, not Slack threads. RFCs for big changes. Context is shared, not hoarded.
Own the outcome
You own the feature from idea to production. No handoffs between PM, design, and engineering.
Evidence over intuition
Same standard we apply to our scanner. Show the data. Show the reproduction. Show the proof.
Default to open
Share your work early. Ask for feedback. Public channels over DMs. Transparency scales trust.
Stay small
Small teams move faster. We hire slowly and give everyone real ownership. Quality over headcount.
Help us break things.
The best way to make software better is to find what's wrong with it.