MoonPay - Product Security Manager

• Lead and Mentor: Oversee the day-to-day operations and career development of the Application Security and Vulnerability Management & Automation teams. • Security Strategy: Define the roadmap for product security, focusing on scalable automation and proactive defense mechanisms. • Vulnerability Management: Drive the end-to-end lifecycle of vulnerability discovery, triaging, and remediation across our entire ecosystem. • Application Security: Improve security tooling (SAST, DAST, SCA) into CI/CD pipelines and lead threat modeling sessions and penetration testing for new features. • Cross-Functional Collaboration: Partner with Engineering and Product leaders and help and influence with security topics new business units and acquisitions to prioritize security debt and promote a culture of Security by Design. • Incident Response: Lead high-priority security incidents and investigations and improve processes, manage team rotas and escalations. • Regulatory and Compliance: Support organisation maintain or acquire new critical certifications such as SOC2, PCI, CIS TOP 18, ISO27001. • The Product Security team operates within a cutting-edge technological environment and focuses on several critical areas to ensure the highest level of security for our platform and products. • Modern Tech Stack and Infrastructure: We leverage an advanced cloud infrastructure designed for high scalability and resilience. Our development and deployment processes are built upon robust CI/CD environments, necessitating security integration at every stage, from code commit to production deployment. This involves securing containers, serverless components, and sophisticated cloud-native networking configurations. • Scalable Automation Frameworks: To effectively manage security risks across a rapidly expanding codebase and infrastructure, we utilize and develop both custom-built and industry-standard tools for vulnerability management. This includes automated security testing, dependency scanning, misconfiguration detection, and streamlined vulnerability triage and remediation workflows, all designed to operate effectively at scale. • Securing the Next Generation of Features: A major strategic focus is on securing our next generation of AI-enabled features. This involves proactive security measures related to Large Language Models (LLMs) and other AI components. Our goal is to ensure data privacy and integrity within all model interactions and maintain compliance with responsible AI principles. • Diverse and Proactive Application Security Services: We offer a full spectrum of proactive security guidance and services tailored to the needs of various engineering and business lines. This includes comprehensive penetration testing (both internal and external), in-depth threat modeling during the design phase of new features, security architecture reviews, and the development of secure coding standards. These services are provided across a wide variety of applications and business lines, from core financial services to new user-facing products. • Continuous Improvement and Security Posture Enhancement: We maintain a strong commitment to the principle of continuous improvement. This involves constantly exploring and identifying opportunities to level up the security posture across the entire organization. This includes enhancing tooling, refining processes, developing and delivering security training to engineering teams, and driving large-scale security initiatives. • Secure Development Lifecycle Guidance: A core responsibility is to guide engineering teams on adopting best practices for the secure development and deployment of their applications. This encompasses promoting a security-first culture, embedding security requirements into the SDLC, providing timely consultation on security issues, and helping teams implement security controls effectively. • $209.66 - $220.70 a year • We’re looking for people who live our core values, those who strive for excellence and want to leave a lasting legacy on the global financial system. Our values: • C - Crypto Curious • Research has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.