AppSec Engineer

📋 Description

• • OnePay is revolutionizing the consumer fintech landscape, empowering millions of Americans with a superior financial experience. We are on a mission to fix a broken financial system plagued by exorbitant fees, meager interest rates, and limited avenues for wealth growth. Our comprehensive, all-in-one financial services platform seamlessly integrates banking, high-yield savings, credit cards, point-of-sale lending, investing, and cryptocurrency, all within a single, intuitive application. Furthermore, we are extending our reach by partnering with employers, HCM providers, and gig platforms to embed essential financial services directly to millions of employees and frontline workers, enhancing their financial well-being.
• • Backed by industry titans like Walmart, the world's largest retailer, and Ribbit Capital, a preeminent fintech investor, OnePay possesses unparalleled scale, distribution capabilities, and the strategic advantage to forge a truly category-defining financial ecosystem. Our rapid pace of innovation is fueled by a culture that values urgency, exceptional talent, low ego, and the ability to operate effectively in a dynamic, fast-moving environment. We are seeking individuals who are ready to embrace this challenge and contribute to our ambitious growth trajectory.
• • As an Application Security Engineer at OnePay, you will be instrumental in fortifying our platform against evolving threats. Your responsibilities will span the entire software development lifecycle, ensuring that security is not an afterthought but an integral component of our architecture and development processes. You will be at the forefront of designing and implementing robust security measures, from architecting secure AWS environments to embedding sophisticated automated threat detection mechanisms that safeguard our users' sensitive financial transactions. Your expertise will be critical in ensuring our adherence to stringent compliance standards, including PCI DSS, CCPA, and GLBA, thereby maintaining the highest levels of trust, reliability, and data integrity for our rapidly expanding user base.
• • Key responsibilities include conducting thorough secure code reviews and leveraging static and dynamic analysis tools to identify vulnerabilities. You will collaborate closely with development teams to prioritize and oversee the remediation of identified security issues, fostering a culture of shared security responsibility. Proactively engaging in threat modeling sessions and risk-driven design reviews during the early stages of development will be crucial to embedding security by design. You will also be tasked with automating repetitive security tasks, such as vulnerability triage, code scanning, and the orchestration of various security tools, significantly enhancing our operational efficiency.
• • A significant aspect of this role involves building and extending our in-house application security automation frameworks and developing custom penetration testing tooling to address unique challenges within our environment. You will architect and implement secure AWS configurations, meticulously managing IAM roles and policies, encryption keys, and VPC segmentation to ensure a hardened cloud infrastructure. Embedding security directly into our CI/CD pipelines and code repositories through policy-as-code tools, pre-commit hooks, SAST/SCA integrations, and IDE tool configurations will be a core function.
• • Furthermore, you will be responsible for securing our containerized environments, including EKS, Kubernetes, and Docker, by implementing and enforcing industry best practices. Close collaboration with our security architecture and detection teams will be essential for tuning our SIEM, optimizing logging strategies, and aligning telemetry data for comprehensive security monitoring. You will play a vital role in developing and disseminating AppSec standards and architectural patterns across all product teams, establishing feedback loops to continuously refine and improve our security posture.
• • This role also requires supporting regulatory and compliance assessments, such as PCI, CCPA, and GLBA, by providing necessary documentation, evidence, and technical expertise. Your contributions will directly impact the security and trustworthiness of a leading fintech platform, ensuring the protection of millions of users' financial data and transactions. We are looking for individuals who are passionate about security, possess a deep understanding of modern application security principles, and thrive in a fast-paced, collaborative environment.