Application Security Engineer - Remote

About the Role

We're hiring an Application Security Engineer to join our dynamic team at MoonPay. This remote position offers the opportunity to work with a leading company in the crypto space, dedicated to making digital money universally accessible. As an Application Security Engineer remote, you will play a crucial role in enhancing our security posture and ensuring the safety of our applications.

What You'll Do

• Conduct threat modeling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process.
• Perform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate.
• Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation.
• Own and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls.
• Partner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance.
• Research and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack.
• Develop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization.
• Contribute to the creation, maintenance, and evolution of security standards, processes, and documentation.
• Participate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements.

Requirements

• Experience across multiple security domains, including web and mobile application security, infrastructure, and cloud security.
• Hands-on experience performing white-box, source code-assisted web and mobile application penetration testing.
• Ability to read, understand, and review source code, particularly in JavaScript and TypeScript.
• Strong understanding of Threat Modeling principles and their practical application to the secure software development lifecycle (SDLC).
• Experience working with web application firewalls to protect applications and assess coverage.
• Experience embedding application security practices into CI/CD pipelines.
• Excellent communication skills to convey security findings to both technical and non-technical audiences.
• Self-motivated and proactive, with strong ownership of your work in a remote environment.

Nice to Have

• Experience with Cloudflare and its security capabilities.
• Experience testing and securing GraphQL and REST APIs.
• Interest in Web3 security testing, including smart contracts and blockchain applications.
• Contributions to the security community through open source involvement or speaking at conferences.

What We Offer

• Competitive salary package.
• Equity package for all employees.
• Pay for performance equity bonus.
• Unlimited holidays for work-life balance.
• Hybrid working schedule - fully remote or nearest Moonbase.
• Private healthcare benefits.
• Annual training budget for professional development.
• Home office setup allowance.
• Remote working allowance for utilities.
• Employee referral program with rewards.

Join us at MoonPay as we build the future of payments and the decentralized economy. If you are passionate about application security and want to make a real impact, apply now for this Application Security Engineer remote position!