Application Security Engineer at MoonPay

About the Opportunity 

• Our Product Security team is a dynamic blend of proactive defenders and inquisitive problem-solvers. We're dedicated to fortifying our systems through rigorous security reviews and hands-on penetration testing. We actively manage our Bug Bounty program, ensuring swift response and remediation. We leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. Collaboration is key, as we embed security best practices throughout the SDLC. We are constantly researching emerging threats, crafting effective mitigation strategies, and empowering our engineering teams with comprehensive training. We maintain up-to-date security standards and lead incident response with precision. We are passionate about fostering a secure environment and contributing to the wider security community.

What you will do

• Conduct thorough threat modelling of Technical Design Documents (TDD) practices and provide actionable recommendations for improvementContribute to and support penetration testing activities, including vulnerability assessments and PoC developmentTriage, respond and investigate Bug Bounty program reportsImplement and manage Web Application Firewalls (WAFs) and other security tools, preferably with experience in CloudflareCollaborate with development teams to integrate security best practices throughout the software development lifecycle (SDLC)Research and evaluate emerging security threats and vulnerabilities, and develop mitigation strategiesDevelop and deliver security training and awareness programs to engineering teamsContribute to the development and maintenance of security standards and keeping documentation up to dateLead and participate in incident response activities, including investigation and remediation

About You

• You developed a breadth of experience across multiple security domains, including application security, infrastructure security, cloud security, and mobile security, with a proven ability to connect and integrate these areas for a holistic security approachYou have a strong understanding of Threat Modelling principles and their application to secure software developmentYou have hands-on experience with penetration testing methodologies and toolsYou had previous experience with WAF configuration and management, ideally including CloudflareYou performed mobile penetration testing and acquired techniques and toolsYou have proficiency in Javascript and Typescript programming languagesYou are comfortable explaining technical concepts like vulnerabilities and discussing effective mitigationsYou are self-motivated, can work effectively in a remote setting while maintaining a team-focused mindsetYour background experience includes working in a disruptive technology, successfully launching products, ideally, within FinTech, SaaS, CryptoIf you hold relevant security certifications (e.g., CISSP, OSCP, CEH) are a plus but not requiredYou have a good understanding of cryptography and its applicationsYou contribute to the security community in open source, by participating in CTFs, or giving talks at local information security conferences

What you will be working with/on

• As part of our Product Security team, you'll be instrumental in safeguarding our digital assets. You'll conduct in-depth security reviews of technical designs, ensuring robust defenses from the outset. You'll actively participate in penetration testing, identifying and mitigating vulnerabilities. You'll triage and respond to Bug Bounty reports, maintaining a proactive security posture. You'll configure and manage our Web Application Firewalls, particularly Cloudflare, to thwart attacks. You'll collaborate closely with development teams, integrating security seamlessly into the SDLC. You'll research emerging threats, developing strategies to stay ahead of adversaries. You'll contribute to and deliver security training, fostering a security-conscious culture. You'll help maintain and improve our security standards and documentation. You'll participate in incident response, ensuring swift and effective remediation. You'll also have opportunities to engage with the wider security community.