Jobs that Pay in Crypto

As the Product Security Manager, you will play a pivotal role in securing the infrastructure that powers the Web3 economy. You will lead and scale two high-impact teams: Application Security and Vulnerability Management & Automation.

Your mission is to ensure that security is woven into the fabric of our product development lifecycle, empowering our engineers to build fast without compromising on safety. You will be a mentor, a strategist, and a leader helping MoonPay maintain its reputation as the most trusted brand in the space.

You are a natural leader able to influence different parts of the business with security initiatives and negotiate the best security solutions for new challenges and unexplored territories

• Lead and Mentor: Oversee the day-to-day operations and career development of the Application Security and Vulnerability Management & Automation teams.

• Security Strategy: Define the roadmap for product security, focusing on scalable automation and proactive defense mechanisms.

• Vulnerability Management: Drive the end-to-end lifecycle of vulnerability discovery, triaging, and remediation across our entire ecosystem.

• Application Security: Improve security tooling (SAST, DAST, SCA) into CI/CD pipelines and lead threat modeling sessions and penetration testing for new features.

• Cross-Functional Collaboration: Partner with Engineering and Product leaders and help and influence with security topics new business units and acquisitions to prioritize security debt and promote a culture of Security by Design.

• Incident Response: Lead high-priority security incidents and investigations and improve processes, manage team rotas and escalations.

• Regulatory and Compliance: Support organisation maintain or acquire new critical certifications such as SOC2, PCI, CIS TOP 18, ISO27001.

• Experienced Leader: You have a proven track record of managing technical security teams in high-growth, cloud-native environments.

• Adaptive in Ambiguity: As our team moves at a very fast pace, you must be comfortable navigating ambiguity and resolving unclear or evolving topics effectively.

• Technical Depth: You possess a strong background in application security, penetration testing and software engineering.

• Automation Mindset: You believe that manual processes are bugs and have experience building or implementing automated security scanning and reporting tools.

• Strategic Thinker: You can balance immediate tactical needs with long-term security goals.

• Web3 Enthusiast: You are curious about (or experienced in) blockchain technology, smart contract security, and the unique challenges of the Web3 landscape.

The Product Security team operates within a cutting-edge technological environment and focuses on several critical areas to ensure the highest level of security for our platform and products.

• Modern Tech Stack and Infrastructure: We leverage an advanced cloud infrastructure designed for high scalability and resilience. Our development and deployment processes are built upon robust CI/CD environments, necessitating security integration at every stage, from code commit to production deployment. This involves securing containers, serverless components, and sophisticated cloud-native networking configurations.

• Scalable Automation Frameworks: To effectively manage security risks across a rapidly expanding codebase and infrastructure, we utilize and develop both custom-built and industry-standard tools for vulnerability management. This includes automated security testing, dependency scanning, misconfiguration detection, and streamlined vulnerability triage and remediation workflows, all designed to operate effectively at scale.

• Securing the Next Generation of Features: A major strategic focus is on securing our next generation of AI-enabled features. This involves proactive security measures related to Large Language Models (LLMs) and other AI components. Our goal is to ensure data privacy and integrity within all model interactions and maintain compliance with responsible AI principles.

• Diverse and Proactive Application Security Services: We offer a full spectrum of proactive security guidance and services tailored to the needs of various engineering and business lines. This includes comprehensive penetration testing (both internal and external), in-depth threat modeling during the design phase of new features, security architecture reviews, and the development of secure coding standards. These services are provided across a wide variety of applications and business lines, from core financial services to new user-facing products.

• Continuous Improvement and Security Posture Enhancement: We maintain a strong commitment to the principle of continuous improvement. This involves constantly exploring and identifying opportunities to level up the security posture across the entire organization. This includes enhancing tooling, refining processes, developing and delivering security training to engineering teams, and driving large-scale security initiatives.

• Secure Development Lifecycle Guidance: A core responsibility is to guide engineering teams on adopting best practices for the secure development and deployment of their applications. This encompasses promoting a security-first culture, embedding security requirements into the SDLC, providing timely consultation on security issues, and helping teams implement security controls effectively.