Product Security Engineer

Our on- and off-ramp suite of products provides a seamless experience for converting between fiat and crypto using all major payment methods in over 160…...

MoonPay builds payments infrastructure for cryptocurrencies. Our on- and off-ramp suite of products provides a seamless experience for converting between fiat and crypto using all major payment methods in over 160 countries. Our mission is to make cryptocurrencies accessible to over a billion people by 2030!

We are bootstrapped and already highly profitable, enjoying a revenue growth of 1000% + in the last 12 months We have more than 2 million customers and our payment solutions power more than 250 of the world’s largest crypto wallets, websites, and applications.

We are a fully remote, global team across 25+ countries, and we pride ourselves on having a connected and inclusive culture that empowers people to do their best work. We give our team autonomy to move fast, innovate and take responsibility. In the same way the internet became a means to democratize information, cryptocurrency is becoming a means to democratize financial participation at scale.

Join us in our mission to build a better financial world!


What you’ll do

  • Partner with engineering to perform regular product security assessments and threat modeling.
  • Respond to vulnerabilities disclosed through our vulnerability disclosure program (bug bounty) and our own vulnerability discovery.
  • Maintain internal documentation and standards for security best practices.
  • Develop tooling to automate and scale our security assessment processes.
  • Design and develop features to improve the security of our products.
  • Participate and support the incident detection and response process.
  • Provide security advice and mentorship to the engineering team.

You should apply if ✅

  • You have a deep knowledge and understanding of modern web technologies and their weaknesses.
  • You have hands-on experience performing web application penetration testing, code reviews, architecture reviews and threat modelling.
  • You have good programming skills.
  • You have experience working with security tooling such as SAST, DAST and IAST.
  • You are comfortable explaining technical concepts like vulnerabilities and discussing effective mitigations.
  • You have knowledge and experience detecting and mitigating OWASP 10 vulnerabilities
  • You are experienced at supporting the response to security incidents.

Bonus points if:

  • You have experience working in a regulated industry.
  • You have worked with JavaScript codebases and frameworks e.g Typescript, Node.JS and React.
  • You have completed or are in the process of completing security certifications such as CISSP, GWEB, OSWE.
  • You contribute to the security industry through research, talks etc

Benefits

  • Competitive salary, based on experience, market data and location
  • Share options
  • Unlimited holidays
  • Working in a disruptive and fast-growing industry where the possibilities are endless
  • Fully remote: your life, your way of working
  • Freedom, autonomy and responsibility
  • Annual company retreat ‍️