MoonPay - Senior Application Security Engineer
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• You have developed a breadth of experience across multiple security domains, including web and mobile application security, infrastructure and cloud security, and can connect these areas to drive a holistic security approach. • You have hands-on experience performing white-box, source code-assisted web and mobile application penetration testing, from vulnerability discovery through triage and exploitation. • You have the ability to read, understand, and review source code to identify security issues, with ideally, a particular focus on JavaScript and TypeScript codebases. • You have a strong understanding of Threat Modelling principles and their practical application to the secure software development lifecycle (SDLC). • You have experience working with web application firewalls to help protect applications, assess coverage, and support tuning rules to mitigate common attack patterns. • You have experience embedding application security practices into CI/CD pipelines, enabling early detection of vulnerabilities and close collaboration with engineering teams throughout the development lifecycle. • You have collaborated closely with engineering teams to clearly communicate security findings, explain vulnerabilities, attack paths, and mitigations, and support the implementation of effective fixes for both technical and non-technical audiences. • You are self-motivated, proactive, and take strong ownership of your work, operating effectively in a remote environment while maintaining a collaborative, team-focused mindset. • You have experience in JavaScript and TypeScript, including the ability to read, understand, and reason about modern web application codebases. • You have experience working with Cloudflare, including its hosting and Web Application Firewall (WAF) capabilities, to help secure and operate internet-facing applications. • You have experience testing and securing GraphQL, REST APIs, including understanding common GraphQL/REST-specific attack vectors and security considerations. • You have experience or a strong interest in Web3 security testing, including assessing smart contracts, blockchain-based applications, or Web3 integrations. • You have an interest in agentic engineering, including emerging patterns in autonomous systems, tooling, or workflows, and their security implications. • 👉 Optional extras that would help a candidate stand out (keep this short). • You contribute or have contributed to the security community through open source involvement, participation in CTFs, or speaking at local information security meetups and conferences. • You hold one or more security relevant certifications such as OSCP or OSWE. • We’re looking for people who live our core values, those who strive for excellence and want to leave a lasting legacy on the global financial system. Our values: • C - Crypto Curious • Research has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.
Responsibilities
• Conduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process. • Perform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate. • Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. • Own and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls. • Partner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance. • Research and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack. • Develop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization. • Contribute to the creation, maintenance, and evolution of security standards, processes, and documentation. • Participate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements.
Benefits
• 🤝 Equity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay • 📈 Pay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards • 🚀 Moonshot award. We honor exceptional impact - 10 employees twice a year, each earning a $250,000 equity grant. • 🏝 Unlimited holidays: We give you the autonomy to choose when to work (and when to switch off) • 🌍 Hybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours • 🩺 Private Healthcare benefits: To protect you and your loved ones • 🍼 Enhanced parental leave: So you can spend more time with your loved ones without a second thought • 📚 Annual training budget: We support your training journey every step of the way • 🪑 Home office setup allowance: Create the home office of your dreams • 👛 Remote working allowance: Those working fully remotely get a little extra for utilities • 💰 Monthly budget to spend on our products and zero fee crypto transactions: Cultivate your inner DEGEN • 💰 Employee referral programme: Great people know great people, refer them to receive 10K in USDC • ✈️ Regular remote company offsites: Meet your colleagues regularly for high impact in person sessions and hackathons • 🚀 Working in a disruptive and fast-growing company where excellence is rewarded • Commitment To Diversity
No credit card. Takes 10 seconds.