Senior Product Security Engineer

What you’ll do 👀

  • Partner with engineering to perform regular product security assessments and threat modeling.

  • Respond to vulnerabilities disclosed through our vulnerability disclosure program (bug bounty) and our own vulnerability discovery.

  • Maintain internal documentation and standards for security best practices.

  • Develop tooling to automate and scale our security assessment processes.

  • Design and develop features to improve the security of our products.

  • Participate and support the incident detection and response process.

  • Provide security advice and mentorship to the engineering team.

As a Senior you will be expected to:

  • Mentor and coach other Engineers.

  • Contribute to our overall approach and standards within the security discipline.

  • Evangelise the adoption of new tools and approaches to security.

You should apply if ✅

  • You have a deep knowledge and understanding of modern web technologies and their weaknesses.

  • You have hands-on experience performing web application penetration testing, code reviews, architecture reviews and threat modelling.

  • You have good programming skills.

  • You have experience working with security tooling such as SAST, DAST and IAST.

  • You are comfortable explaining technical concepts like vulnerabilities and discussing effective mitigations.

  • You have knowledge and experience detecting and mitigating OWASP 10 vulnerabilities
  • You are experienced at supporting the response to security incidents.

has shown that women are less likely than men to apply for this role if they do not have solid experience in 100% of these areas.

Please know that this list is indicative and that we would still love to hear from you even if you feel you only are a 75% match.

Skills can be learnt, diversity cannot.

We promote a diverse and inclusive culture at MoonPay.

Bonus points if:

  • You have experience working in a regulated industry.

  • You have worked with JavaScript codebases and frameworks e.

    g Typescript, Node.

    JS and React.

  • You have completed or are in the process of completing security certifications such as CISSP, GWEB, OSWE.

  • You contribute to the security industry through research, talks etc

Logistics 🛠 

Unfortunately, we are unable to offer visas of any kind at this time.

For this role we are ideally looking for a candidate based in EMEA.

Our interview process takes place on Zoom and tends to consist of the following stages:

  • Recruiter call (30 minutes)
  • Initial screen (45-60 minutes)
  • Final interview  (1.

    5 hours)

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.