About the company
MoonPay is the world's leading web3 infrastructure company. We provide end-to-end solutions for payments, enterprise-scale smart contract development, and digital asset management. Many of the world's most iconic brands rely on MoonPay to power their web3 strategies and ideas.
Job Summary
About the role:
Our Product Security Squad is a dynamic blend of proactive defenders and inquisitive problem-solvers dedicated to fortifying our systems through rigorous security reviews, hands-on penetration testing, and proactive threat modelling. As a Security Automation & Vulnerability Management Engineer, you will focus on embedding security seamlessly into our Software Development Lifecycle (SDLC).
Responsibilities:
- Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into our CI/CD pipelines.
- Develop and maintain automation scripts and platforms to streamline security processes and workflows.
- Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting.
- Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices.
- Drive the adoption and implementation of the SLSA framework to enhance supply chain security.
- Continuously evaluate and improve existing security automation and vulnerability management workflows.
- Research emerging threats and vulnerabilities, translating findings into actionable detection or prevention mechanisms.
- Develop and maintain documentation for security automation tools, processes, and vulnerability management procedures.
- Assist in triaging and validating findings from automated scanners, penetration tests, and bug bounty programs.
- Contribute to security training materials focused on secure development practices.
- Support incident response activities, particularly where automation or vulnerability data can aid investigation and remediation.
- Champion and execute the security team's automation strategy for cross-functional needs.
Requirements:
- Solid background in software development with demonstrable experience in languages common in backend or infrastructure development (e.g., Go, Python, Node.js).
- Strong passion for cybersecurity with a focus on security automation and vulnerability management.
- Understanding of security tools like SAST, DAST, SCA, and secrets scanning solutions within a CI/CD environment.
- Understanding of vulnerability management principles, including prioritization frameworks (e.g., CVSS) and remediation tracking.
- Familiarity with the concepts and goals of the SLSA framework or similar supply chain security initiatives.
- Strong analytical and problem-solving skills, with the ability to identify inefficiencies and propose automated solutions.
- Self-motivated, innovative, and able to operate effectively in a remote, fast-paced environment.
- Deep understanding of GitHub's functionalities, including advanced features, security settings, and API capabilities.
- Strong administrative skills in managing and maintaining GitHub Enterprise environments.
- Familiarity with GitHub Actions for workflow automation and security enforcement.
Nice-to-have:
- Experience working in disruptive technology, FinTech, SaaS, or Crypto sectors.
- Familiarity with cloud security principles (AWS, GCP).




