About OnePay
OnePay is a consumer financial services app with an exceedingly simple mission: to help people achieve financial progress.
Tens of millions of Americans today are unbanked or underbanked, meaning they don’t have enough money in savings to cover a minor emergency. They pay too much in fees, don’t have access to credit at affordable rates, and have little ability to grow their wealth. OnePay’s vision is to create a single app for consumers to save, spend, borrow, and grow their money, bringing our mission to life with simple and accessible banking, credit, and payments products that deliver a best-in-class experience to millions of customers. Our products include:
Checking and high-yield savings accounts
Domestic and international peer-to-peer payments
Credit Builder and credit score monitoring
Digital wallet / contactless payment solutions
Buy-now-pay-later installment loans at Walmart
Why do we have a right to win? We have the backing of Walmart (a Fortune 1) and Ribbit Capital (a preeminent fintech investor), are deeply embedded with the distribution of the world’s largest omnichannel retailer, and have an industry-leading multi-product value proposition — all in addition to having some of the best people and talent in the industry.
There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for the opportunity. Join us!
The role
As a Product Security Engineer, you'll be responsible for ensuring that OnePay delivers secure and reliable applications at scale. By partnering with engineers to build security into the product from the ground up, you’ll be creating engineering tools and workflows that test and validate artifacts and actively developing security frameworks. You’ll provide subject-matter expertise to product teams regarding security best practices, optimize our secure coding practices, and use offensive security techniques to harden our environment and help improve our overall security posture. Come be the champion of modern Product Security Engineering at OnePay and have a direct impact on the security of all of our products!
This role is responsible for:
Architecting and implementing secure AWS configurations, including IAM policies, encryption, and network segmentation.
Securing CI/CD pipelines and code repositories, integrating policy-as-code tools to enforce security standards.
Enhancing container and orchestration security (Docker, Kubernetes, EKS) to ensure safe and reliable production environments.
Conducting threat modeling exercises to identify and addressing risks in early stages of development.
Performing secure code reviews, leveraging SAST/SCA tools, and guiding remediation with development teams.
Automating routine security tasks using scripting languages, improving efficiency and accuracy.
Developing, maintaining, and extending our in-house application security and penetration testing automated testing framework.
Working with the Security and other engineering teams to maintain a security architecture that provides security controls throughout all platforms to mitigate risk, and to meet goals and regulatory requirements.
You bring
10+ years of experience in security engineering, DevSecOps, and application development.
Excellent knowledge of the CVSS, MITRE ATT&CK, and OWASP Top 10.
Practical understanding of AWS and its core services (VPC, EC2, RDS).
Hands-on experience securing IaC and CI/CD pipelines, including code scanning and policy enforcement tools.
Strong knowledge of container security best practices and orchestration platforms.
Practical experience in application security, including threat modeling, secure code review, and penetration testing.
Familiarity with detection engineer, SIEM tuning, and scripting automation.
Demonstrated experience in modern application architecture and deployment practices.
Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability to communicate these concepts to technical and non-technical partners.
Experience defining security architecture patterns and standards.
Preferably, understanding of regulatory compliance concerns (GLBA, CCPA, PCI).
The Triple H Factor: Humble, Hungry and Honest.
What We Offer
Competitive base salary, stock options, and health benefits from Day 1
401(k) plan with company match
Remote-friendly (US), flexible time off (FTO), and opportunities for growth
A high-growth, mission-driven, inclusive culture where your work has real impact
Pay Transparency
The estimated annual base salary for this position ranges from $170,000 to $210,000. Pay is generally based upon the level, complexity, responsibility, location and job duties / requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience. If you are selected for an interview, please feel welcome to speak to a Talent Partner about our compensation philosophy and other available benefits.
We use Covey as part of our hiring process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on May 31, 2024.
Please see the independent bias audit report covering our use of Covey here.
Standard Interview Process
Initial Interview with Talent Partner
Technical or Hiring Manager Interview
Team Interview
Executive Interview
Offer!
Equal Employment Opportunity
To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@onepay.com.