Moonpay

Application Security Engineer

Job Description

Locations Supported 🌍
UK
US
Poland
Spain
Portugal

Relocation available:No

Work pattern: This role will be remote.

About the Opportunity👉
Our Product Security team is a dynamic blend of proactive defenders and inquisitive problem-solvers. We are dedicated to strengthening our systems through rigorous security reviews and hands-on penetration testing, and we actively manage our Bug Bounty program to ensure timely validation, response, and remediation. 

We leverage cutting-edge tools and techniques to build robust defenses, and collaboration is central to how we work; embedding security best practices throughout the SDLC. We continuously research emerging threats, develop effective mitigation strategies, and empower engineering teams through clear guidance and practical security training. 

We maintain up-to-date security standards and documentation, lead incident response efforts with precision, and are passionate about spreading a secure-by-design culture while contributing to the wider security community. 


What You Will Do
  • Conduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process. 
  • Perform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate. 
  • Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. 
  • Own and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls.
  • Partner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance. 
  • Research and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack. 
  • Develop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization.
  • Contribute to the creation, maintenance, and evolution of security standards, processes, and documentation.
  • Participate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements. 


    • About You
  • You have developed a breadth of experience across multiple security domains, including web and mobile application security, infrastructure and cloud security, and can connect these areas to drive a holistic security approach. 
  • You have hands-on experience performing white-box, source code-assisted web and mobile application penetration testing, from vulnerability discovery through triage and exploitation. 
  • You have the ability to read, understand, and review source code to identify security issues, with ideally, a particular focus on JavaScript and TypeScript codebases.
  • You have a strong understanding of Threat Modelling principles and their practical application to the secure software development lifecycle (SDLC).
  • You have experience working with web application firewalls to help protect applications, assess coverage, and support tuning rules to mitigate common attack patterns. 
  • You have experience embedding application security practices into CI/CD pipelines, enabling early detection of vulnerabilities and close collaboration with engineering teams throughout the development lifecycle. 
  • You have collaborated closely with engineering teams to clearly communicate security findings, explain vulnerabilities, attack paths, and mitigations, and support the implementation of effective fixes for both technical and non-technical audiences. 
  • You are self-motivated, proactive, and take strong ownership of your work, operating effectively in a remote environment while maintaining a collaborative, team-focused mindset. 

    • Nice-to-have experience:
  • You have experience in JavaScript and TypeScript, including the ability to read, understand, and reason about modern web application codebases. 
  • You have experience working with Cloudflare, including its hosting and Web Application Firewall (WAF) capabilities, to help secure and operate internet-facing applications. 
  • You have experience testing and securing GraphQL, REST APIs, including understanding common GraphQL/REST-specific attack vectors and security considerations. 
  • You have experience or a strong interest in Web3 security testing, including assessing smart contracts, blockchain-based applications, or Web3 integrations. 
  • You have an interest in agentic engineering, including emerging patterns in autonomous systems, tooling, or workflows, and their security implications. 

    • Bonus Points
  • You contribute or have contributed to the security community through open source involvement, participation in CTFs, or speaking at local information security meetups and conferences. 
  • Your background includes experience working with disruptive technologies and successfully launching products, ideally within FinTech, SaaS, or Crypto. 
  • You hold one or more security relevant certifications such as OSCP or OSWE. 

    • Apply Now
    Job Summary

    Cloud Security Engineer

    Job Title- Senior Information Security Engineer- CloudPrimary Location- RemotePosition Type - Full-Time OverviewJoin a large, complex healthcare organization as a Senior

    • USA Only
    • 16 days ago

    Senior Security Engineer (Python, WordPress & PHP) (remote-only, Europe)

    CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-co

    • Senior
    • Montenegro Only
    • 13 hours ago

    Senior Security Engineer

    The Senior Security Engineer is a hands-on, high-impact technical role responsible for designing, implementing, and automating robust security controls across our applica

    • Senior
    • USA Only
    • one month ago

    Security Analyst - Junior

    Active Top Secret Clearance RequiredAbout AretumAretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers

    • Junior
    • USA Only
    • 4 hours ago