About One

One’s mission is simple - to help customers achieve financial progress. We’re doing this by creating simple solutions to help our customers save, spend, borrow, and grow their money – all in one place.

The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.

What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.

There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!

The role

As a Security Operations Engineer, your mandate is to strengthen our detection capabilities, automate incident response processes, and help build a robust security-first culture through product and engineering team partnerships and education. This role will determine the current threat landscape and its applicability to ONE’s environment, and ensure swift responses to security events. This role will impact ONE’s vision by ensuring the safety of customer data and finances through regularly working with a variety of people in security, product, third parties, and other business functions to build detections and automations to rapidly identify and mitigate security issues.

The role is responsible for

• Mature and optimize a security detection, monitoring, and response ecosystem which implements detection engineering-as-code practices.

• Combine threat intelligence and business knowledge with technical expertise to build monitors and automations tailored to ONE’s environment.

• Plan and execute red and purple team exercises to identify vulnerabilities and assess the company’s detection and response capabilities across cloud environments and application layers.

• Mature ONE’s threat intelligence program to rapidly evolve controls in response to the current threat landscape.

• Stay abreast of emerging threats, vulnerabilities, and security technologies. Recommend and implement process improvements and security controls to enhance the organization's security posture.

• Provide training and conduct tabletop exercises to improve security awareness and incident response readiness across the organization.

• Partner with our Security GRC and Compliance teams to ensure security operations meet or exceed relevant regulatory requirements (e.g., PCI DSS v4.0, SOC 2).

• Participate in a 24x7 security incident response on-call rotation.

You bring

• 8+ years working experience in Information Security in a modern infrastructure-as-code environment with experience in proactive security engineering.

• Experience with incident response frameworks (e.g. NIST 800-61) and techniques, including containment, eradication, recovery, and post-incident activities.

• Strong skills in building and maintaining security information and event management (SIEM) systems, log analysis, and anomaly detection using tools like Datadog, ELK, and purpose-built open source tools.

• Business acumen and ability to effectively communicate business risk from cybersecurity issues to audiences with varying levels of technical background.

• Detection engineering and incident response experience specific to AWS.

• Strong knowledge of: cloud computing, defense-in-depth strategies, secure design patterns for applications and platforms.

• Deep understanding of security threat modeling, risk prioritization, and operational and technical security measures (including using industry frameworks, such as MITRE ATT&CK)

• Preferably, proficiency for automation and tool development .Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks in a fast-paced environment.

What it’s like working @ One

• Competitive cash

• Benefits effective on day one

• Early access to a high-potential, high-growth fintech

• Generous stock option packages in an early-stage startup

• Employer Provident Fund contributions

• Comprehensive health insurance for you and your family (health insurance, accident and disability insurance, term life insurance), including mental health support and wellness programs

• Flexible time off programs – vacation, sick and other paid leaves and paid regional holidays

• Monthly transport allowance over and above fixed cash for office commutes

• Monthly work-from-home stipend over and above fixed cash for internet and utilities

• Hybrid working model – work with our team in Bengaluru three times a week

Leveling Philosophy

In order to thoughtfully scale the company and avoid downstream inequities, we’ve adopted a flat titling structure at One. Though we may occasionally post a role externally with a prefix such as “Senior” to reflect the external level of the position, we do not use prefixes in titles like that internally unless in a position which manages a team. Internal titles typically include your specific functional responsibility, such as engineering, product management or sales, and often include additional descriptors to ensure clarity of role and placement within our organization (i.e. “Engineer, Platform”, “Sales, Business Development” or “Manager, Talent”). Employees are paid commensurate with their experience and the internal level within One.

Inclusion & Belonging

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@one.app.