Product Security Engineer

📋 Description

• • Join OnePay Technologies Inc., a rapidly growing consumer fintech company trusted by millions, as a Product Security Engineer and play a critical role in safeguarding our innovative financial platform. We are on a mission to revolutionize the financial system by offering an all-in-one solution that integrates banking, high-yield savings, credit cards, lending, investing, and crypto, all while partnering with employers to embed financial services for millions of employees and frontline workers. Backed by industry giants like Walmart and Ribbit Capital, we possess the scale, distribution, and ambition to build something truly category-defining.
• • As a Product Security Engineer, you will be at the forefront of our security efforts, ensuring the integrity and trustworthiness of our platform. Your responsibilities will span the entire product development lifecycle, from initial design to ongoing operations. You will be instrumental in architecting secure cloud environments, implementing robust threat detection mechanisms, and ensuring compliance with stringent regulatory standards such as PCI, CCPA, and GLBA. This role demands a proactive and hands-on approach to embedding security into every facet of our technology.
• • A core aspect of your role will involve proactive security assessments. You will conduct thorough threat modeling sessions to identify potential vulnerabilities and risks early in the development process. This includes performing detailed risk-driven design reviews, ensuring that security considerations are integrated into architectural decisions from the outset. Your expertise will guide development teams in building secure-by-design products.
• • You will also be deeply involved in code-level security. This includes performing comprehensive secure code reviews, leveraging static and dynamic analysis tools to uncover potential weaknesses. A significant part of your contribution will be to collaborate closely with development teams to oversee the remediation of identified security issues, fostering a culture of shared security responsibility.
• • Automation will be a key lever in your efforts to enhance security efficiency. You will be tasked with automating repetitive security tasks, including vulnerability triage, code scanning processes, and the orchestration of various security tools. This will free up valuable engineering time and ensure consistent application of security policies.
• • You will have the opportunity to build and extend our in-house Application Security (AppSec) automation frameworks and develop custom penetration testing tooling. This hands-on development work will allow you to tailor security solutions to OnePay's unique needs and challenges, pushing the boundaries of our security capabilities.
• • Collaboration with our security architecture and detection teams is essential. You will partner with these teams to fine-tune our Security Information and Event Management (SIEM) systems, optimize logging strategies, and ensure alignment of telemetry data for effective threat detection and incident response.
• • A significant portion of your work will involve architecting and implementing secure AWS configurations. This includes managing Identity and Access Management (IAM) roles and policies, implementing robust encryption key management using KMS, designing secure Virtual Private Cloud (VPC) segmentation, and configuring EC2 and RDS instances securely. You will ensure our cloud infrastructure adheres to the highest security standards.
• • You will play a vital role in embedding security directly into our CI/CD pipelines and code repositories. This involves utilizing policy-as-code tools, implementing pre-commit hooks, integrating SAST (Static Application Security Testing) and SCA (Software Composition Analysis) tools, and setting up IDE tool integrations to provide developers with immediate security feedback.
• • Securing our containerized environments is paramount. You will be responsible for implementing and enforcing security best practices for container and orchestration platforms such as EKS (Elastic Kubernetes Service), Kubernetes, and Docker, addressing their specific threat surfaces.
• • You will contribute to the development and enforcement of AppSec standards and patterns across all product teams. This involves creating clear guidelines, providing training, and iterating on these standards based on feedback loops and evolving threat landscapes, ensuring consistent security posture across the organization.
• • Finally, you will support regulatory and compliance assessments, such as PCI, CCPA, and GLBA, by providing necessary documentation, insights, and technical expertise, ensuring OnePay meets all legal and industry requirements.
• • This role is ideal for someone who is ready to run, hungry and driven by urgency, exceptional at what they do with low ego, and comfortable operating in a fast-paced, dynamic environment. You will be part of a mission-driven, inclusive culture where your work has a tangible impact on millions of users.