Key skills
PythonGoNode.jsAWSGCPGitHub ActionsGitHubRepositorySaaSCI/CDCloud Security
About this role
MoonPay is a unified payments platform for digital currency, dedicated to onboarding the world to the decentralized economy. The Senior Security Engineer - Automation will focus on integrating security into the software development lifecycle, managing vulnerability processes, and enhancing security automation within the organization.
Responsibilities:
- Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into our CI/CD pipelines
- Develop and maintain automation scripts and platforms to streamline security processes and workflows
- Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting
- Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices
- Drive the adoption and implementation of the SLSA framework to enhance supply chain security
- Continuously evaluate and improve existing security automation and vulnerability management workflows, bringing innovation and ownership to the process
- Research emerging threats and vulnerabilities, particularly those relevant to our tech stack and development practices, translating findings into actionable detection or prevention mechanisms
- Develop and maintain documentation for security automation tools, processes, and vulnerability management procedures
- Assist in triaging and validating findings from various sources, including automated scanners, penetration tests, and bug bounty programs
- Contribute to security training materials focused on secure development practices and the tools you implement
- Support incident response activities, particularly where automation or vulnerability data can aid investigation and remediation
- Champion and execute the security team's automation strategy for cross-functional needs, actively seeking and implementing automation opportunities based on team feedback
Requirements:
- Solid background in software development with demonstrable experience, ideally using languages common in backend or infrastructure development (e.g., Go, Python, Node.js)
- Strong passion for cybersecurity and have transitioned or are keen to focus your career on security automation and vulnerability management
- Understanding on security tools like SAST, DAST, SCA, and secrets scanning solutions within a CI/CD environment (here at MoonPay we use Github)
- Understanding the principles of vulnerability management, including prioritization frameworks (e.g., CVSS) and remediation tracking
- Familiarity with the concepts and goals of the SLSA framework or similar supply chain security initiatives
- Excel at collaborating with technical teams, explaining security concepts and tooling requirements clearly, and driving adoption of new processes
- Strong analytical and problem-solving skills, with an ability to identify inefficiencies and propose automated solutions
- Self-motivated, innovative, take ownership of your work, and can operate effectively in a remote, fast-paced environment
- Collaborate closely with Application Security and Cloud Security teams to translate their operational needs into actionable automation requirements, taking ownership of implementing related security initiatives
- Experience working in disruptive technology, FinTech, SaaS, or Crypto sectors
- Familiarity with cloud security principles (AWS, GCP)
- Possess a deep understanding of GitHub's functionalities, including advanced features, security settings, and API capabilities
- Demonstrate strong administrative skills in managing and maintaining GitHub Enterprise environments, including user access, repository management, and organization settings
- Familiarity with GitHub Actions for workflow automation and security enforcement