Application Security Engineer

About MoonPay 🌖💸

Hi, we’re MoonPay. We’re here to onboard the world to Web3.

Why? Because we think Web3 is a unique and democratising technology. It gives people back control of their money, digital identity, data, and property like nothing else before it.

What we do

We’re the leading infrastructure company in Web3. This means we offer our partners everything from payment solutions (we call them 'Ramps') to minting software for digital collectibles, like NFTs. And over 20 million people around the world now trust our products — just take a look on Trustpilot.

We’re also big on collaborations. And we've worked on stunts, drops, and partnerships with some of the world's most prestigious and forward-thinking brands.

But that’s not all. We have also built our own consumer app because we wanted to see if we could build a better Web3 account. It’s taken off in a big way, and we're working hard to continually improve it and to strive for perfection.

So whatever your background, we’re sure there’s something for you here. Come help us build the future of Web3 and digital ownership.

About the Opportunity ✍️ 

Our Product Security team is a dynamic blend of proactive defenders and inquisitive problem-solvers. We're dedicated to fortifying our systems through rigorous security reviews and hands-on penetration testing. We actively manage our Bug Bounty program, ensuring swift response and remediation. We leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. Collaboration is key, as we embed security best practices throughout the SDLC. We are constantly researching emerging threats, crafting effective mitigation strategies, and empowering our engineering teams with comprehensive training. We maintain up-to-date security standards and lead incident response with precision. We are passionate about fostering a secure environment and contributing to the wider security community.

🚀 What you will do

* Conduct thorough threat modelling of Technical Design Documents (TDD) practices and provide actionable recommendations for improvement.

* Contribute to and support penetration testing activities, including vulnerability assessments and PoC development.

* Triage, respond and investigate Bug Bounty program reports.

* Implement and manage Web Application Firewalls (WAFs) and other security tools, preferably with experience in Cloudflare.

* Collaborate with development teams to integrate security best practices throughout the software development lifecycle (SDLC).

* Research and evaluate emerging security threats and vulnerabilities, and develop mitigation strategies.

* Develop and deliver security training and awareness programs to engineering teams. 

* Contribute to the development and maintenance of security standards and keeping documentation up to date.

* Lead and participate in incident response activities, including investigation and remediation.

🧑‍🚀 About You

* You developed a breadth of experience across multiple security domains, including application security, infrastructure security, cloud security, and mobile security, with a proven ability to connect and integrate these areas for a holistic security approach.

* You have a strong understanding of Threat Modelling principles and their application to secure software development.

* You have hands-on experience with penetration testing methodologies and tools.

* You had previous experience with WAF configuration and management, ideally including Cloudflare.

* You performed mobile penetration testing and acquired techniques and tools.

* You have proficiency in Javascript and Typescript programming languages.

* You are comfortable explaining technical concepts like vulnerabilities and discussing effective mitigations.

* You are self-motivated, can work effectively in a remote setting while maintaining a team-focused mindset.

* Your background experience includes working in a disruptive technology, successfully launching products, ideally, within FinTech, SaaS, Crypto.

* If you hold relevant security certifications (e.g., CISSP, OSCP, CEH) are a plus but not required.

* You have a good understanding of cryptography and its applications.

* You contribute to the security community in open source, by participating in CTFs, or giving talks at local information security conferences.

💻 What you will be working with/on

As part of our Product  Security team, you'll be instrumental in safeguarding our digital assets. You'll conduct in-depth security reviews of technical designs, ensuring robust defenses from the outset. You'll actively participate in penetration testing, identifying and mitigating vulnerabilities. You'll triage and respond to Bug Bounty reports, maintaining a proactive security posture. You'll configure and manage our Web Application Firewalls, particularly Cloudflare, to thwart attacks. You'll collaborate closely with development teams, integrating security seamlessly into the SDLC. You'll research emerging threats, developing strategies to stay ahead of adversaries. You'll contribute to and deliver security training, fostering a security-conscious culture. You'll help maintain and improve our security standards and documentation. You'll participate in incident response, ensuring swift and effective remediation. You'll also have opportunities to engage with the wider security community.

Most importantly, though, you will embody the core principles that everyone here at the MoonPay lives by. Our “BLOCK Values” are at the heart of everything we do - and they are…

B - Be Hungry

L - Level Up

O - Own It

C - Crypto Curious

K - Kaizen

MoonPay Perks

Equity package 📈

Unlimited holidays 🏝

Paid parental leave 🍼

Annual training budget 💻

Home office setup allowance 🪑

Monthly budget to spend on our products 💰

Working in a disruptive and fast-growing industry where the possibilities are endless 🚀

Freedom, autonomy and responsibility 💪

Research has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.

Commitment To Diversity

At MoonPay we believe that every voice matters. We strive to create a mindful and respectful environment where everyone can bring their authentic self to work, and experience a culture that is free of harassment, racism, and discrimination. That’s why we are committed to diversity and inclusion in the workplace and are a proud equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence.

MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or to otherwise participate in the application process.

Please be aware that MoonPay does not request an AI-led interview without seeing a recruiter or team member from MoonPay on video call. We won't ask for your personal identification documents or any money from you during your interview process with us. Be fraud smart! If you receive an email - claiming to be from MoonPay - but from an email address ending in anything other than @moonpay.com, please be aware that this is not us.