About OnePayOnePay is an all-in-one financial platform driven by a simple mission: better money makes life better.Tens of millions of Americans today are unbanked or underbanked, meaning they don’t have enough money in savings to cover a minor emergency. They pay too much in fees, don’t have access to credit at affordable rates, and have little ability to grow their wealth. OnePay’s vision is to create a single app for consumers to save, spend, borrow, and grow their money, bringing our mission to life with simple and accessible banking, credit, and payments products that deliver a best-in-class experience to millions of customers. Our products include:Checking and high-yield savings accountsDomestic and international peer-to-peer paymentsCredit Builder and credit score monitoringDigital wallet / contactless payment solutionsCredit card programBuy-now-pay-later installment loans at WalmartPrepaid mobile serviceWhy do we have a right to win? We have the backing of Walmart (a Fortune 1) and Ribbit Capital (a preeminent fintech investor), are deeply embedded with the distribution of the world’s largest omnichannel retailer, and have an industry-leading multi-product value proposition — all in addition to having some of the best people and talent in the industry.There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for the opportunity. Join us!The RoleOur Application Security Engineers play a pivotal role in safeguarding our platform, driving everything from designing secure AWS architectures to embedding automated threat detection that protects customer transactions. Your work will ensure we meet rigorous compliance standards (PCI, CCPA, GLBA) and maintain the highest levels of trust and reliability for our users.Architect and implement secure AWS configurations (IAM roles/policies, encryption keys, VPC segmentation)Embed security into CI/CD pipelines and repos using policy-as-code tools (pre-commit hooks, SAST/SCA, IDE tool integrations)Secure container and orchestration environments (EKS, Kubernetes, Docker) per best practicesConduct threat modeling sessions and risk‑driven design reviews early in developmentPerform secure code reviews and static/dynamic analysis; oversee remediation with dev teamsAutomate repetitive security tasks—vulnerability triage, code scanning, tool orchestrationBuild and extend in-house AppSec automation frameworks or pentest toolingPartner with security architecture and detection teams (SIEM tuning, logging, telemetry alignment)Develop and enforce AppSec standards and patterns across product teams; iterate through feedback loopsSupport regulatory or compliance assessments (PCI, CCPA, GLBA) as neededYou Bring8–12 years’ experience in application security engineering, DevSecOps, or security platform engineeringDeep familiarity with CVSS, MITRE ATT&CK frameworks, OWASP Top 10 and CWE taxonomyProven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKSHands-on expertise in securing IaC and CI/CD pipelines; strong knowledge of policy-as-code toolingContainer security experience: Docker, Kubernetes, EKS-related threat surfacesSolid threat modeling and secure code review skills; SAST/SCA tool proficiencyExperience scripting automation (e.g. Python, Bash, PowerShell) to streamline AppSec tasksCapability to lead in-house AppSec frameworks or tooling developmentStrong communicator, able to translate technical findings to non-technical stakeholdersTrack record of defining and institutionalizing security architecture patternsTools We UseWe use Node and TypeScript on the server, leveraging the NestJS framework within a microservice-oriented architecture running on Kubernetes and AWS. On the client side, we build and ship product features for iOS, Android, and web platforms using React Native. While you don’t need experience with our exact stack, familiarity with modern software engineering practices will help you ramp up quickly.What We OfferCompetitive base salary, stock options, and health benefits from Day 1401(k) plan with company matchRemote-friendly (US), flexible time off (FTO), and opportunities for growthA high-growth, mission-driven, inclusive culture where your work has real impactStandard Interview ProcessInitial Interview with Talent PartnerTechnical or Hiring Manager InterviewTeam InterviewExecutive InterviewOffer!Equal Employment OpportunityTo build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].