Senior Security Engineer Automation

About MoonPay Hi, we're MoonPay. We're here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet. Why? Because crypto, stablecoins and blockchain aren't just technologies. They're tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many. What we do MoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship. Proven at scale Trusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day. We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we're committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable. But we're just getting started. We've launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it's growing fast. We're iterating every day to make it the best it can be. If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background. Come build the future of payments and the decentralized economy with MoonPay. Let's make financial freedom and autonomy the new normal. About the Opportunity Our Product Security Squad is a dynamic blend of proactive defenders and inquisitive problem-solvers. We're dedicated to fortifying our systems through rigorous security reviews, hands-on penetration testing, and proactive threat modelling. We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of security services to our Engineering teams including cloud security, tailored security advice, threat modelling and penetration testing. Collaboration is key, as we embed security best practices throughout the SDLC. Crucially, we are expanding our capabilities in security automation and vulnerability management, integrating tooling directly into development workflows and driving efficient vulnerability resolution across the organization. We are constantly researching emerging threats, crafting effective mitigation strategies, empowering our engineering teams with comprehensive training, maintaining up-to-date security standards, and leading incident response with precision. We are passionate about fostering a secure environment and contributing to the wider security community. What you will do • Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into our CI/CD pipelines. • Develop and maintain automation scripts and platforms to streamline security processes and workflows. • Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting. • Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices. • Drive the adoption and implementation of the SLSA framework to enhance supply chain security. • Continuously evaluate and improve existing security automation and vulnerability management workflows, bringing innovation and ownership to the process. • Research emerging threats and vulnerabilities, particularly those relevant to our tech stack and development practices, translating findings into actionable detection or prevention mechanisms. • Develop and maintain documentation for security automation tools, processes, and vulnerability management procedures. • Assist in triaging and validating findings from various sources, including automated scanners, penetration tests, and bug bounty programs. • Contribute to security training materials focused on secure development practices and the tools you implement. • Support incident response activities, particularly where ...