Senior Security Engineer - Automation

Remote $210k–$221k senior 1 month ago full-time quality 9/10
GoPythonNode.jsSASTDASTSCASecrets ScanningGitHubAWSGCP
  • Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into our CI/CD pipelines.
  • Develop and maintain automation scripts and platforms to streamline security processes and workflows.
  • Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting.
  • Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices.
  • Drive the adoption and implementation of the SLSA framework to enhance supply chain security.
  • Continuously evaluate and improve existing security automation and vulnerability management workflows, bringing innovation and ownership to the process.
  • Research emerging threats and vulnerabilities, particularly those relevant to our tech stack and development practices, translating findings into actionable detection or prevention mechanisms.
  • Develop and maintain documentation for security automation tools, processes, and vulnerability management procedures.
  • Assist in triaging and validating findings from various sources, including automated scanners, penetration tests, and bug bounty programs.
  • Contribute to security training materials focused on secure development practices and the tools you implement.
  • Support incident response activities, particularly where automation or vulnerability data can aid investigation and remediation.
  • Champion and execute the security team's automation strategy for cross-functional needs, actively seeking and implementing automation opportunities based on team feedback.
  • Solid background in software development with demonstrable experience, ideally using languages common in backend or infrastructure development (e.g., Go, Python, Node.js).
  • Strong passion for cybersecurity and keen to focus your career on security automation and vulnerability management.
  • Understanding of security tools like SAST, DAST, SCA, and secrets scanning solutions within a CI/CD environment (here at MoonPay we use Github).
  • Understanding of the principles of vulnerability management, including prioritization frameworks (e.g., CVSS) and remediation tracking.
  • Familiarity with the concepts and goals of the SLSA framework or similar supply chain security initiatives.
  • Excellent collaboration skills with technical teams, explaining security concepts and tooling requirements clearly.
  • Strong analytical and problem-solving skills, with an ability to identify inefficiencies and propose automated solutions.
  • Self-motivated, innovative, take ownership of your work, and can operate effectively in a remote, fast-paced environment.
  • Experience working in disruptive technology, FinTech, SaaS, or Crypto sectors is a plus.
  • Familiarity with cloud security principles (AWS, GCP) is beneficial.
  • Deep understanding of GitHub's functionalities, including advanced features, security settings, and API capabilities.
  • Strong administrative skills in managing and maintaining GitHub Enterprise environments, including user access, repository management, and organization settings.
  • Familiarity with GitHub Actions for workflow automation and security enforcement.
  • Salary: $209,664 - $220,699 a year.
  • Full-time employment.
  • Opportunity to work in a dynamic and innovative environment.

Similar jobs

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to MoonPay.