Remote Application Security Engineer

at OnePay

Description:

  • OnePay is a consumer financial services app aimed at helping people achieve financial progress.
  • The company addresses the needs of tens of millions of unbanked or underbanked Americans by providing accessible banking, credit, and payment products.
  • OnePay's product offerings include checking and high-yield savings accounts, domestic and international peer-to-peer payments, credit builder and credit score monitoring, digital wallet/contactless payment solutions, and buy-now-pay-later installment loans at Walmart.
  • The Application Security Engineer will play a crucial role in safeguarding the platform by designing secure AWS architectures and embedding automated threat detection to protect customer transactions.
  • Responsibilities include architecting and implementing secure AWS configurations, embedding security into CI/CD pipelines, securing container and orchestration environments, conducting threat modeling sessions, performing secure code reviews, automating repetitive security tasks, building in-house AppSec automation frameworks, partnering with security architecture teams, and supporting regulatory compliance assessments.

Requirements:

  • Candidates must have 8–12 years of experience in application security engineering, DevSecOps, or security platform engineering.
  • A deep familiarity with CVSS, MITRE ATT&CK frameworks, OWASP Top 10, and CWE taxonomy is required.
  • Proven experience with AWS core services such as IAM, KMS, VPC, EC2, RDS, and EKS is essential.
  • Hands-on expertise in securing Infrastructure as Code (IaC) and CI/CD pipelines, along with strong knowledge of policy-as-code tooling, is necessary.
  • Container security experience with Docker, Kubernetes, and EKS-related threat surfaces is required.
  • Solid skills in threat modeling and secure code review, as well as proficiency in SAST/SCA tools, are needed.
  • Experience in scripting automation using languages like Python, Bash, or PowerShell to streamline AppSec tasks is required.
  • Candidates should have the capability to lead in-house AppSec frameworks or tooling development.
  • Strong communication skills are necessary to translate technical findings to non-technical stakeholders.
  • A track record of defining and institutionalizing security architecture patterns is essential.

Benefits:

  • OnePay offers a competitive salary and benefits package.
  • Employees will have the opportunity to work in a dynamic and innovative environment.
  • The company promotes a culture of diversity and inclusion, encouraging candidates from all backgrounds to apply.
  • OnePay provides support for applicants needing special assistance or accommodation during the interview process.