Product Security Engineer

Fully Remote (Worldwide)

MoonPay logo
Buy and sell crypto with MoonPay. It's fast, simple and secure.
Apply now Apply later

MoonPay builds payments infrastructure for cryptocurrencies. Our on- and off-ramp suite of products provides a seamless experience for converting between fiat and crypto using all major payment methods in over 160 countries.ย Our mission is to make cryptocurrencies accessible to over a billion people by 2030! ๐Ÿš€

We are trusted by 250+ leading wallets, websites, and applications. Some of the biggest crypto brands in the world, including, Dapper Labs, OpenSea, Argent, ZenGo, Trust Wallet and Spot, rely on our technology. Through these partnerships alone, our products are used by over 5 million users worldwide. ๐ŸŒŽ

One of the great things about working at MoonPay is that we are fully remote. Our global team spans 25+ countries, and we pride ourselves on having a connected and inclusive culture that empowers people to do their best work. We give our team autonomy to move fast, innovate and take responsibility. Join us in our mission to build a better financial world!

What youโ€™ll do ๐Ÿ‘€

  • Partner with engineering to perform regular product security assessments and threat modelling.
  • Respond to vulnerabilities disclosed through our vulnerability disclosure program (bug bounty) and our own vulnerability discovery.
  • Maintain internal documentation and standards for security best practices.
  • Develop tooling to automate and scale our security assessment processes.
  • Design and develop features to improve the security of our products.
  • Participate and support the incident detection and response process.
  • Provide security advice and mentorship to the engineering team.

You should apply if โœ…

  • You have a deep knowledge and understanding of modern web technologies and their weaknesses.
  • You have hands-on experience performing web application penetration testing, code reviews, architecture reviews and threat modelling.
  • You have good programming skills.
  • You have experience working with security tooling such as SAST, DAST and IAST.
  • You are comfortable explaining technical concepts like vulnerabilities and discussing effective mitigations.
  • You have knowledge and experience detecting and mitigating OWASP 10 vulnerabilities
  • You are experienced at supporting the response to security incidents.

Bonus points if:

  • You have experience working in a regulated industry.ย 
  • You have worked with JavaScript codebases and frameworks e.g Typescript, Node.JS and React.
  • You have completed or are in the process of completing security certifications such as CISSP, GWEB, OSWE.
  • You contribute to the security industry through research, talks etc

Research has shown that women are less likely than men to apply for this role if they do not have solid experience in 100% of these areas. Please know that this list is indicative and that we would still love to hear from you even if you feel you only are a 75% match. Skills can be learnt, diversity cannot.

We promote a diverse and inclusive culture at MoonPay.

Logistics ๐Ÿ› ย 

Unfortunately, we are unable to offer visas of any kind at this time.ย 

For this role we are ideally looking for a candidate based in Europe or able to work +/-4 GMT working hours.

Our interview process takes place on Google Hangouts and for Product roles consists of the following:

  • Recruiter call (30 minutes)
  • Initial screen (30-45 minutes)
  • Final interviewย  (2 hours)

Please let us know if you require any accommodations for the interview process, and weโ€™ll do our best to provide assistance.

Benefits ๐Ÿ’ฐ

  • Competitive salary ๐Ÿ’ฐ
  • Stock options ๐Ÿ“ˆ
  • Unlimited holidays ๐Ÿ
  • Home office equipment allowance of 600 USD (or local equivalent) ๐Ÿช‘
  • Working in a disruptive and fast-growing industry where the possibilities are endless ๐Ÿš€
  • Fully remote: your life, your way of working ๐ŸŒŽ
  • Freedom, autonomy and responsibility ๐Ÿ’ช
  • Annual company retreat ๐Ÿง˜โ€โ™€๏ธ

Job region(s): Remote/Anywhere
Job stats:  17  0  0
  • Share this job via
  • or

Explore more Information Security career opportunities