MoonPay

Senior Security Engineer - Automation

MoonPay · remote · senior · full-time · $209664–$220699 USD
crypto · fintech · tech · Go · Python · Node.js · SAST · DAST · SCA · Secrets Scanning · GitHub · AWS · GCP
Job description
Our Product Security Squad is a dynamic blend of proactive defenders and inquisitive problem-solvers. We're dedicated to fortifying our systems through rigorous security reviews, hands-on penetration testing, and proactive threat modelling. We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of security services to our Engineering teams including cloud security, tailored security advice, threat modelling and penetration testing. Collaboration is key, as we embed security best practices throughout the SDLC. Crucially, we are expanding our capabilities in security automation and vulnerability management, integrating tooling directly into development workflows and driving efficient vulnerability resolution across the organization. We are constantly researching emerging threats, crafting effective mitigation strategies, empowering our engineering teams with comprehensive training, maintaining up-to-date security standards, and leading incident response with precision. We are passionate about fostering a secure environment and contributing to the wider security community.
Responsibilities
- Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into our CI/CD pipelines.
- Develop and maintain automation scripts and platforms to streamline security processes and workflows.
- Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting.
- Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices.
- Drive the adoption and implementation of the SLSA framework to enhance supply chain security.
- Continuously evaluate and improve existing security automation and vulnerability management workflows, bringing innovation and ownership to the process.
- Research emerging threats and vulnerabilities, particularly those relevant to our tech stack and development practices, translating findings into actionable detection or prevention mechanisms.
- Develop and maintain documentation for security automation tools, processes, and vulnerability management procedures.
- Assist in triaging and validating findings from various sources, including automated scanners, penetration tests, and bug bounty programs.
- Contribute to security training materials focused on secure development practices and the tools you implement.
- Support incident response activities, particularly where automation or vulnerability data can aid investigation and remediation.
- Champion and execute the security team's automation strategy for cross-functional needs, actively seeking and implementing automation opportunities based on team feedback.
Requirements
- Solid background in software development with demonstrable experience, ideally using languages common in backend or infrastructure development (e.g., Go, Python, Node.js).
- Strong passion for cybersecurity and keen to focus your career on security automation and vulnerability management.
- Understanding of security tools like SAST, DAST, SCA, and secrets scanning solutions within a CI/CD environment (here at MoonPay we use GitHub).
- Understanding of the principles of vulnerability management, including prioritization frameworks (e.g., CVSS) and remediation tracking.
- Familiarity with the concepts and goals of the SLSA framework or similar supply chain security initiatives.
- Excellent collaboration skills with technical teams, explaining security concepts and tooling requirements clearly.
- Strong analytical and problem-solving skills, with an ability to identify inefficiencies and propose automated solutions.
- Self-motivated and innovative; you take ownership of your work and can operate effectively in a remote, fast-paced environment.
- Experience working in disruptive technology, FinTech, SaaS, or Crypto sectors is a plus.
- Familiarity with cloud security principles (AWS, GCP) is beneficial.
- Deep understanding of GitHub's functionalities, including advanced features, security settings, and API capabilities.
- Strong administrative skills in managing and maintaining GitHub Enterprise environments, including user access, repository management, and organization settings.
- Familiarity with GitHub Actions for workflow automation and security enforcement.
Conditions
- Salary: $209,664 - $220,699 a year.
- Full-time employment.
- Opportunity to work in a dynamic and innovative environment.
About MoonPay
MoonPay is the leading Web3 infrastructure company that onboards the world to Web3 by providing end-to-end solutions for crypto payments, enterprise-scale smart contract development, and digital asset management. They enable easy handling of crypto payments, powerful smart contracts for businesses, and digital asset management, powering Web3 experiences for iconic brands. Their engineering teams focus on areas like crypto/payments, KYC, core product, DeFi trading, on-chain asset delivery, and monetization.
Web3 · 200-1000 · Miami, United States · Founded 2018 · https://www.moonpay.com