Application Security Engineer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Application Security Engineer focused on strengthening systems and conducting security assessments at MoonPay, a digital currency payments platform.
Responsibilities:
- Conduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process.
- Perform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate.
- Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation.
- Own and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls.
- Partner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance.
- Research and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack.
- Develop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization.
- Contribute to the creation, maintenance, and evolution of security standards, processes, and documentation.
- Participate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements.
Requirements:
- You have developed a breadth of experience across multiple security domains, including web and mobile application security, infrastructure and cloud security, and can connect these areas to drive a holistic security approach.
- You have hands-on experience performing white-box, source code-assisted web and mobile application penetration testing, from vulnerability discovery through triage and exploitation.
- You have the ability to read, understand, and review source code to identify security issues, with ideally, a particular focus on JavaScript and TypeScript codebases.
- You have a strong understanding of Threat Modelling principles and their practical application to the secure software development lifecycle (SDLC).
- You have experience working with web application firewalls to help protect applications, assess coverage, and support tuning rules to mitigate common attack patterns.
- You have experience embedding application security practices into CI/CD pipelines, enabling early detection of vulnerabilities and close collaboration with engineering teams throughout the development lifecycle.
- You have collaborated closely with engineering teams to clearly communicate security findings, explain vulnerabilities, attack paths, and mitigations, and support the implementation of effective fixes for both technical and non-technical audiences.
- You are self-motivated, proactive, and take strong ownership of your work, operating effectively in a remote environment while maintaining a collaborative, team-focused mindset.
Benefits:
- Competitive salary package
- Equity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay
- Pay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards
- Moonshot award. We honor exceptional impact - 10 employees twice a year, each earning a $250,000 equity grant.
- Unlimited holidays: We give you the autonomy to choose when to work (and when to switch off)
- Hybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours
- Private Healthcare benefits: To protect you and your loved ones
- Enhanced parental leave: So you can spend more time with your loved ones without a second thought
- Annual training budget: We support your training journey every step of the way
- Home office setup allowance: Create the home office of your dreams
- Remote working allowance: Those working fully remotely get a little extra for utilities
- Monthly budget to spend on our products and zero fee crypto transactions: Cultivate your inner DEGEN
- Employee referral programme: Great people know great people, refer them to receive 10K in USDC
- Regular remote company offsites: Meet your colleagues regularly for high impact in person sessions and hackathons
- Working in a disruptive and fast-growing company where excellence is rewarded
Similar Jobs
Senior Databricks Application Engineer
Senior Databricks Application Engineer designing Databricks Apps and developing data solutions remotely. Collaborating on analytics workflows and cloud integration for IT Services.
Senior Application Security Engineer
Senior Application Security Engineer at Amerisure designing and maintaining security controls for applications. Leading security monitoring and vulnerability management in a DevSecOps environment.
Full-stack AI Application Engineer
Full-stack Engineer at ThirdLaw building AI-native platform features. Working in a small team to deliver impactful solutions to ensure AI trust and safety.
Senior Application Security Engineer
Senior Application Security Engineer at RevenueCat ensuring security across web and mobile applications. Collaborating with engineering teams and external parties to create secure frameworks and support bug bounty programs.
Technology Field Application Engineer
Technology Field Application Engineer at Arrow Global Components facilitating solutions for customer designs through technical leadership and engineering investments. Partnering with sales teams and managing supplier expectations.
Application Security Engineer
Application Security Engineer responsible for embedding security in software delivery at SNHU. Collaborating with DevSecOps teams to ensure application security in various approved remote states.
Application Engineer – Europe South
Application Engineer providing technical expertise and support for Mecademic's robotic solutions. Focused on Europe South region while engaging with engineers and integrators.
Application Engineer – DACH Region
Technical expert for Mecademic's robotic solutions in the DACH region. Provide in-depth technical support and demonstration for successful deployment and optimization of robotic solutions.
Principal AI Application Engineer
Principal AI Application Engineer creating modular AI solutions for government services at Code for America. Collaborating with various teams for effective public service delivery.
Application Engineer
Drive technical support and training for Cimatron CAD and Mold products while collaborating with sales teams in Mexico. Oversee customer implementation projects and maintain high-quality customer satisfaction levels.
Application Support Engineer
Application Support Engineer responsible for resolving application and infrastructure issues in customer-hosted environments at Lumin Digital. Collaborating with internal teams to ensure smooth client operations.
Senior Cloud Application Support Engineer
Cloud Engineer providing advanced support and troubleshooting for cloud-based services in a managed service environment. Leading problem resolution efforts and improving service offerings using Azure expertise.
Dynamics 365 Application Support Engineer
Dynamics 365 Application Support Engineer managing application issues and ensuring customer satisfaction. Supporting Microsoft's Dynamics 365 systems while adhering to IT security principles and best practices.
Application Security Engineer – Threat Modeling, SAST, SCA
Application Security Engineer at Netsentries performing secure code assessments and Threat Modeling for enterprise web/mobile applications. Collaborating with development teams to identify and remedy vulnerabilities.
Mechatronics Application Engineer
Mechatronics Application Engineer focused on customer automation in North America. Supporting technical sales and providing in-depth knowledge of mechatronic solutions.
Application Engineer – ASEAN Region
Application Engineer providing technical support for Mecademic's robotic solutions in the ASEAN market. Responsible for demonstrations, training, managing customer relationships, and addressing technical challenges.
Pre-Sales Application Engineer
Lab Productivity Pre‑Sales Application Scientist at Agilent enabling laboratory automation and analytical workflows. Collaborating with customers to enhance lab productivity solutions.
Field Application Engineer
Field Applications Engineer installing and troubleshooting vehicle control systems for ambulance builders and specialist converters, requiring extensive travel across the United States.
Application Engineer, AI Physics
Application Engineer building AI Physics capabilities for engineering and scientific discovery at Rescale. Collaborating with customers and engineering teams to ship product features.
Application Security Engineer
Application Security Engineer securing software programs for Department of Justice. Focusing on identifying vulnerabilities, designing security controls, and improving security processes.