United States onlyOnePay is a consumer fintech company that provides an all-in-one financial services platform. We're seeking an AppSec Engineer to join our team and help safeguard our platform.
Requirements
- 4+ years of experience in application security engineering, DevSecOps, or security platform engineering
- Deep familiarity with CVSS, MITRE ATT&CK frameworks, OWASP Top 10 and CWE taxonomy
- Proven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKS
- Hands-on expertise in securing IaC and CI/CD pipelines; strong knowledge of policy-as-code tooling
- Container security experience: Docker, Kubernetes, EKS-related threat surfaces
- Solid threat modeling and secure code review skills; SAST/SCA tool proficiency
- Experience scripting automation (e.g. Python, Bash, PowerShell) to streamline AppSec tasks
- Capability to lead in-house AppSec frameworks or tooling development
- Strong communicator, able to translate technical findings to non-technical stakeholders
Benefits
- Competitive base salary
- Stock options
- Health benefits from Day 1
- 401(k) plan with company match
- Remote-friendly (US), flexible time off (FTO), and opportunities for growth
