Senior Product Security Engineer

MoonPay builds payments infrastructure for cryptocurrencies. Our on- and off-ramp suite of products provides a seamless experience for converting between fiat and crypto using all major payment methods in over 160 countries. Our mission is to make cryptocurrencies accessible to over a billion people by 2030! 🚀

We are trusted by 250+ leading wallets, websites, and applications. Some of the biggest crypto brands in the world, including Bitcoin.com, Dapper Labs, OpenSea, Argent, ZenGo, Trust Wallet and Spot, rely on our technology. Through these partnerships alone, our products are used by over 5 million users worldwide. 🌎

One of the great things about working at MoonPay is that we are fully remote. Our global team spans 25+ countries, and we pride ourselves on having a connected and inclusive culture that empowers people to do their best work. We give our team autonomy to move fast, innovate and take responsibility. Join us in our mission to build a better financial world!

What you’ll do 👀

• Partner with engineering to perform regular product security assessments and threat modeling.
• Respond to vulnerabilities disclosed through our vulnerability disclosure program (bug bounty) and our own vulnerability discovery.
• Maintain internal documentation and standards for security best practices.
• Develop tooling to automate and scale our security assessment processes.
• Design and develop features to improve the security of our products.
• Participate and support the incident detection and response process.
• Provide security advice and mentorship to the engineering team.

As a Senior you will be expected to:

• Mentor and coach other Engineers. 
• Contribute to our overall approach and standards within the security discipline.
• Evangelise the adoption of new tools and approaches to security.

You should apply if ✅

• You have a deep knowledge and understanding of modern web technologies and their weaknesses.
• You have hands-on experience performing web application penetration testing, code reviews, architecture reviews and threat modelling.
• You have good programming skills.
• You have experience working with security tooling such as SAST, DAST and IAST.
• You are comfortable explaining technical concepts like vulnerabilities and discussing effective mitigations.
• You have knowledge and experience detecting and mitigating OWASP 10 vulnerabilities
• You are experienced at supporting the response to security incidents.

Research has shown that women are less likely than men to apply for this role if they do not have solid experience in 100% of these areas. Please know that this list is indicative and that we would still love to hear from you even if you feel you only are a 75% match. Skills can be learnt, diversity cannot.

We promote a diverse and inclusive culture at MoonPay.

Bonus points if:

• You have experience working in a regulated industry. 
• You have worked with JavaScript codebases and frameworks e.g Typescript, Node.JS and React.
• You have completed or are in the process of completing security certifications such as CISSP, GWEB, OSWE.
• You contribute to the security industry through research, talks etc

Logistics 🛠 

Unfortunately, we are unable to offer visas of any kind at this time. 

For this role we are ideally looking for a candidate based in Europe or able to work +/-4 GMT working hours.

Our interview process takes place on Google Hangouts and for Product roles consists of the following:

• Recruiter call (30 minutes)
• Initial screen (30-45 minutes)
• Final interview  (2 hours)

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.

Benefits 💰

• Competitive salary 💰
• Stock options 📈
• Unlimited holidays 🏝
• Home office equipment allowance of 600 USD (or local equivalent) 🪑
• Working in a disruptive and fast-growing industry where the possibilities are endless 🚀
• Fully remote: your life, your way of working 🌎
• Freedom, autonomy and responsibility 💪
• Annual company retreat 🧘‍♀️