Join OnePay: Revolutionizing Finance, Secured by You.
OnePay is transforming the financial landscape, making money better for millions of Americans. We believe the traditional financial system is broken – bogged down by high fees, low rates, and limited growth opportunities. We're on a mission to fix it, and we're moving at an incredible pace.
We've built an all-in-one financial services platform, seamlessly integrating banking, high-yield savings, credit cards, point-of-sale lending, investing, and crypto. Beyond direct consumers, we empower millions of employees and frontline workers through embedded financial services partnerships with employers, HCM providers, and gig platforms.
Our journey is supercharged by the backing of industry giants: Walmart, the world's largest retailer, and Ribbit Capital, a leading fintech investor. This unique combination provides us with unparalleled scale, distribution, and the rare opportunity to build a truly category-defining financial product.
At OnePay, our speed is our strength. Our customers can't wait, and neither can we. This is a dynamic, high-impact environment, and we're seeking individuals who are: Ready to run with innovative solutions and embrace challenges. The Role: Product Security Engineer What You'll Be Doing: Conduct threat modeling sessions and risk-driven design reviews early in the development lifecycle to preempt vulnerabilities. What You'll Bring to the Team 4+ years of dedicated experience in application security engineering, DevSecOps, or security platform engineering. Our Cutting-Edge Stack What We Offer A competitive base salary, significant stock options, and comprehensive health benefits from Day 1. Our Interview Process Initial Interview with a Talent Partner Equal Employment Opportunity
Hungry, driven by urgency, and passionate about making a difference.
Exceptional in their craft, with a low-ego, collaborative mindset.
Comfortable and thriving while operating in motion.
Forge the Future of Fintech Security
As a Product Security Engineer at OnePay, you'll play a truly pivotal role in safeguarding our entire platform and the financial well-being of our users. You'll drive security from the ground up, influencing everything from designing intrinsically secure AWS architectures to embedding automated threat detection that protects every customer transaction. Your expertise will be critical in ensuring we not only meet but exceed rigorous compliance standards (PCI, CCPA, GLBA), upholding the highest levels of trust and reliability our users expect.
Perform secure code reviews and comprehensive static/dynamic analysis, then partner with development teams to ensure timely and effective remediation.
Automate repetitive security tasks such as vulnerability triage, code scanning, and security tool orchestration to enhance efficiency.
Build and extend in-house AppSec automation frameworks and sophisticated penetration testing tooling.
Collaborate closely with security architecture and detection teams on SIEM tuning, logging, and telemetry alignment.
Architect and implement secure AWS configurations, including IAM roles/policies, encryption keys, and VPC segmentation.
Embed robust security controls into CI/CD pipelines and repositories using policy-as-code tools (e.g., pre-commit hooks, SAST/SCA, IDE tool integrations).
Secure container and orchestration environments (EKS, Kubernetes, Docker) adhering to industry best practices.
Develop and enforce AppSec standards and security patterns across product teams, continuously iterating through feedback loops.
Support regulatory and compliance assessments (PCI, CCPA, GLBA) as an expert resource.
We're looking for a cybersecurity professional who combines deep technical prowess with a proactive, builder mindset. Your expertise will be essential in shaping the security posture of our rapidly evolving platform.
Deep familiarity with foundational security frameworks: CVSS, MITRE ATT&CK, OWASP Top 10, and CWE taxonomy.
Proven hands-on experience with core AWS services: IAM, KMS, VPC, EC2, RDS, EKS.
Expertise in securing Infrastructure as Code (IaC) and CI/CD pipelines, with strong knowledge of policy-as-code tooling.
Extensive container security experience, including Docker, Kubernetes, and EKS-related threat surfaces.
Solid threat modeling and secure code review skills, coupled with proficiency in SAST/SCA tools.
Demonstrated experience scripting automation (e.g., Python, Bash, PowerShell) to streamline AppSec tasks.
Capability to lead the development and enhancement of in-house AppSec frameworks or tooling.
A strong communicator, adept at translating complex technical findings to diverse non-technical stakeholders.
A track record of defining and institutionalizing security architecture patterns across engineering teams.
We leverage a modern and robust technology stack to deliver our platform. Our server-side applications are built with Node and TypeScript, utilizing the NestJS framework within a microservice-oriented architecture running on Kubernetes and AWS. On the client side, we develop and ship product features for iOS, Android, and web platforms using React Native. While direct experience with our exact stack isn't a strict requirement, a solid understanding of modern software engineering practices will enable you to ramp up quickly and make an immediate impact.
We believe in rewarding our team members generously for their hard work and dedication. Join us and enjoy:
A 401(k) plan with a company match to help secure your future.
A remote-friendly (US) work environment, flexible time off (FTO), and abundant opportunities for professional growth and career advancement.
A high-growth, mission-driven, and inclusive culture where your contributions have a tangible and meaningful impact on millions of lives.
We strive for a transparent and engaging interview experience:
Technical or Hiring Manager Interview
Team Interview
Executive Interview
Offer!
To build truly innovative technology and products that are loved by people and solve real-world problems, we need a diverse team with varied perspectives and experiences. OnePay is an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We strongly encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].