Secure the Future of Finance with OnePay!
OnePay is on a mission to revolutionize financial services, empowering millions to achieve financial progress. We're building a single, intuitive app to help people save, spend, borrow, and grow their money. Backed by Walmart (Fortune 1) and Ribbit Capital, we're uniquely positioned to disrupt the industry and redefine financial accessibility.
Join our team and play a critical role in securing the next generation of financial technology!
About the Role: Application Security Engineer
As an Application Security Engineer, you'll be a key player in safeguarding our platform and protecting our users. You will be responsible for ensuring the security of our AWS infrastructure, embedding automated threat detection into our CI/CD pipeline, and maintaining compliance with rigorous industry standards. If you're passionate about securing innovative financial solutions, this is your chance to make a real impact.
What You'll Do:
Architect and implement secure AWS configurations, focusing on IAM roles/policies, encryption keys, and VPC segmentation.
Integrate security into CI/CD pipelines and repositories using policy-as-code tools (pre-commit hooks, SAST/SCA, IDE tool integrations).
Secure container and orchestration environments (EKS, Kubernetes, Docker) based on industry best practices.
Lead threat modeling sessions and risk-driven design reviews early in the development lifecycle.
Conduct secure code reviews and static/dynamic analysis, collaborating with development teams on remediation.
Automate repetitive security tasks, including vulnerability triage, code scanning, and tool orchestration.
Develop and expand in-house AppSec automation frameworks and penetration testing tooling.
Partner with security architecture and detection teams to improve SIEM tuning, logging, and telemetry alignment.
Define and enforce AppSec standards and patterns across product teams, iterating based on feedback loops.
Support regulatory and compliance assessments (PCI, CCPA, GLBA) as required.
What You'll Bring:
8–12 years of experience in application security engineering, DevSecOps, or security platform engineering.
Deep understanding of CVSS, the MITRE ATT&CK framework, the OWASP Top 10, and the CWE taxonomy.
Proven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKS.
Hands-on expertise in securing Infrastructure as Code (IaC) and CI/CD pipelines, with strong knowledge of policy-as-code tooling.
Experience with container security: Docker, Kubernetes, and EKS-related threat surfaces.
Solid threat modeling and secure code review skills, along with proficiency in SAST/SCA tools.
Experience scripting automation (e.g., Python, Bash, PowerShell) to streamline AppSec tasks.
Ability to lead the development of in-house AppSec frameworks and tooling.
Excellent communication skills, capable of translating technical findings to non-technical stakeholders.
A track record of defining and institutionalizing security architecture patterns.
Join Our Team!
If you're ready to tackle exciting challenges and shape the future of financial security, we encourage you to apply!
Our Interview Process:
Initial Interview with Talent Partner
Technical or Hiring Manager Interview
Team Interview
Executive Interview
Offer!
Equal Opportunity Employer
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage all qualified individuals to apply.