MoonPay

Senior Security Engineer – Automation

full-time

Location Type: Hybrid

Location: New York City, New York, United States

Salary

💰 $209,664 - $220,699 per year

About the role

  • Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into our CI/CD pipelines.
  • Develop and maintain automation scripts and platforms to streamline security processes and workflows.
  • Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting.
  • Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices.
  • Drive the adoption and implementation of the SLSA framework to enhance supply chain security.
  • Continuously evaluate and improve existing security automation and vulnerability management workflows, bringing innovation and ownership to the process.
  • Research emerging threats and vulnerabilities, particularly those relevant to our tech stack and development practices, translating findings into actionable detection or prevention mechanisms.
  • Develop and maintain documentation for security automation tools, processes, and vulnerability management procedures.
  • Assist in triaging and validating findings from various sources, including automated scanners, penetration tests, and bug bounty programs.
  • Contribute to security training materials focused on secure development practices and the tools you implement.
  • Support incident response activities, particularly where automation or vulnerability data can aid investigation and remediation.
  • Champion and execute the security team's automation strategy for cross-functional needs, actively seeking and implementing automation opportunities based on team feedback.

Requirements

  • You have a solid background in software development with demonstrable experience, ideally using languages common in backend or infrastructure development (e.g., Go, Python, Node.js).
  • You possess a strong passion for cybersecurity and have transitioned or are keen to focus your career on security automation and vulnerability management.
  • You have an understanding of security tools such as SAST, DAST, SCA, and secrets scanning solutions within a CI/CD environment (here at MoonPay we use GitHub).
  • You understand the principles of vulnerability management, including prioritization frameworks (e.g., CVSS) and remediation tracking.
  • You are familiar with the concepts and goals of the SLSA framework or similar supply chain security initiatives.
  • You excel at collaborating with technical teams, explaining security concepts and tooling requirements clearly, and driving adoption of new processes.
  • You possess strong analytical and problem-solving skills, with an ability to identify inefficiencies and propose automated solutions.
  • You are self-motivated, innovative, take ownership of your work, and can operate effectively in a remote, fast-paced environment.
  • You will collaborate closely with Application Security and Cloud Security teams to translate their operational needs into actionable automation requirements, taking ownership of implementing related security initiatives.
  • Experience working in disruptive technology, FinTech, SaaS, or Crypto sectors is a plus.
  • Familiarity with cloud security principles (AWS, GCP) is beneficial.
  • Possess a deep understanding of GitHub's functionalities, including advanced features, security settings, and API capabilities.
  • Demonstrate strong administrative skills in managing and maintaining GitHub Enterprise environments, including user access, repository management, and organization settings.
  • Familiarity with GitHub Actions for workflow automation and security enforcement.

Benefits

  • Competitive salary package
  • Equity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay
  • Pay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards
  • Moonshot award. We honor exceptional impact - 10 employees twice a year, each earning a $250,000 equity grant.
  • Unlimited holidays: We give you the autonomy to choose when to work (and when to switch off)
  • Hybrid working schedule: Work fully remotely or from your nearest Moonbase, the choice is yours
  • Private Healthcare benefits: To protect you and your loved ones
  • Enhanced parental leave: So you can spend more time with your loved ones without a second thought
  • Annual training budget: We support your training journey every step of the way
  • Home office setup allowance: Create the home office of your dreams
  • Remote working allowance: Those working fully remotely get a little extra for utilities
  • Monthly budget to spend on our products and zero fee crypto transactions: Cultivate your inner DEGEN
  • Employee referral programme: Great people know great people, refer them to receive 10K in USDC
  • Regular remote company offsites: Meet your colleagues regularly for high impact in person sessions and hackathons
  • Working in a disruptive and fast-growing company where excellence is rewarded

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Go, Python, Node.js, SAST, DAST, SCA, Secrets Scanning, Vulnerability Management, CI/CD, GitHub Actions

Soft Skills

collaboration, analytical skills, problem-solving, self-motivation, innovation, ownership, communication, driving adoption, training development, remote work