Senior Application Security Engineer
You will join a security program focused on protecting the platform and its users. You will perform threat modelling across technical designs and feature changes, shaping secure architectures with clear guidance. You will conduct and assist with application security assessments, including penetration testing, vulnerability assessments, and PoC development where appropriate. You will investigate and triage Bug Bounty submissions, validate findings, and drive timely remediation with engineering teams. You will own and continuously improve application-layer protections, including Cloudflare WAF and related controls. You will partner with engineers to embed security best practices throughout the SDLC, from design through deployment and maintenance. You will research emerging threats and translate findings into practical mitigations for our technology stack. You will develop and deliver security guidance, training, and awareness programs to raise the security maturity of the organization. You will contribute to security standards, processes, and documentation, and participate in incident response activities with a view to continual improvement. You will stay curious and proactive, thriving in a fast-paced environment while collaborating remotely.
Responsibilities
- Conduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear actionable security recommendations early in the design process.
- Perform and support application security assessments, including penetration testing, vulnerability assessments, and PoC development where appropriate.
- Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.
- Own and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls.
- Partner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance.
- Research and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack.
- Develop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization.
- Contribute to the creation, maintenance, and evolution of security standards, processes, and documentation.
- Participate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements.
Requirements
- Breadth of experience across multiple security domains, including web and mobile application security, infrastructure, and cloud security
- Hands-on experience performing white-box, source-code-assisted web and mobile application penetration testing, from vulnerability discovery through triage and exploitation
- Ability to read, understand, and review source code, with a focus on JavaScript and TypeScript codebases
- Strong understanding of Threat Modelling principles and their application to the secure software development lifecycle
- Experience working with web application firewalls to protect applications, assess coverage, and support tuning rules
- Experience embedding application security practices into CI/CD pipelines, enabling early detection of vulnerabilities and close collaboration with engineering teams
- Experience collaborating with engineering teams to clearly communicate findings and explain vulnerabilities, attack paths, and mitigations to both technical and non-technical audiences
- Self-motivated, proactive, and able to operate effectively in a remote environment while maintaining a collaborative mindset
- Nice to have: experience in JavaScript and TypeScript, including reading and reasoning about modern web application codebases
- Nice to have: experience with Cloudflare hosting and its Web Application Firewall (WAF)
- Nice to have: experience testing and securing GraphQL and REST APIs, and understanding related attack vectors
- Nice to have: experience or interest in Web3 security testing, including smart contracts, blockchain-based applications, or Web3 integrations
- Nice to have: interest in agentic engineering and related patterns
Benefits
- Competitive salary package
- Equity package
- Pay-for-performance equity bonus
- Moonshot award
- Unlimited holidays
- Hybrid working schedule
- Private Healthcare benefits
- Enhanced parental leave
- Annual training budget
- Home office setup allowance
- Remote working allowance
- Monthly budget to spend on our products and zero-fee crypto transactions
- Employee referral programme
- Regular remote company offsites
- Working in a disruptive and fast-growing company where excellence is rewarded