{"schemaVersion":"jobsearcher.job.v1","id":"3f7e2b409997b6ec23fefc31","url":"https://jobsearcher.com/jobs/3f7e2b409997b6ec23fefc31","canonicalUrl":"https://jobsearcher.com/jobs/3f7e2b409997b6ec23fefc31","title":"Application Security Engineer","description":"About MoonPayHi, we're MoonPay. We're here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet. Why? Because crypto, stablecoins and blockchain aren't just technologies. They're tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many. What we doMoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship. Proven at scaleTrusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day. We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we're committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable. But we're just getting started. We've launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it's growing fast. We're iterating every day to make it the best it can be. If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background. Come build the future of payments and the decentralized economy with MoonPay. Let's make financial freedom and autonomy the new normal.\r\nLocations Supported UK US Poland Spain Portugal Relocation available: No Work pattern: This role will be remote.\r\nAbout the Opportunity\r\nOur Product Security team is a dynamic blend of proactive defenders and inquisitive problem-solvers. We are dedicated to strengthening our systems through rigorous security reviews and hands-on penetration testing, and we actively manage our Bug Bounty program to ensure timely validation, response, and remediation. We leverage cutting-edge tools and techniques to build robust defenses, and collaboration is central to how we work; embedding security best practices throughout the SDLC. We continuously research emerging threats, develop effective mitigation strategies, and empower engineering teams through clear guidance and practical security training. We maintain up-to-date security standards and documentation, lead incident response efforts with precision, and are passionate about spreading a secure-by-design culture while contributing to the wider security community.\r\nWhat You Will Do\r\nConduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process.\r\nPerform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate.\r\nInvestigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation.\r\nOwn and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls.\r\nPartner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance.\r\nResearch and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack.\r\nDevelop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization.\r\nContribute to the creation, maintenance, and evolution of security standards, processes, and documentation.\r\nParticipate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements.\r\nAbout You\r\nYou have developed a breadth of experience across multiple security domains, including web and mobile application security, infrastructure and cloud security, and can connect these areas to drive a holistic security approach.\r\nYou have hands-on experience performing white-box, source code-assisted web and mobile application penetration testing, from vulnerability discovery through triage and exploitation.\r\nYou have the ability to read, understand, and review source code to identify security issues, with ideally, a particular focus on JavaScript and TypeScript codebases.\r\nYou have a strong understanding of Threat Modelling principles and their practical application to the secure software development lifecycle (SDLC).\r\nYou have experience working with web application firewalls to help protect applications, assess coverage, and support tuning rules to mitigate common attack patterns.\r\nYou have experience embedding application security practices into CI/CD pipelines, enabling early detection of vulnerabilities and close collaboration with engineering teams throughout the development lifecycle.\r\nYou have collaborated closely with engineering teams to clearly communicate security findings, explain vulnerabilities, attack paths, and mitigations, and support the implementation of effective fixes for both technical and non-technical audiences.\r\nYou are self-motivated, proactive, and take strong ownership of your work, operating effectively in a remote environment while maintaining a collaborative, team-focused mindset.\r\nNice-to-have experience:\r\nYou have experience in JavaScript and TypeScript, including the ability to read, understand, and reason about modern web application codebases.\r\nYou have experience working with Cloudflare, including its hosting and Web Application Firewall (WAF) capabilities, to help secure and operate internet-facing applications.\r\nYou have experience testing and securing GraphQL, REST APIs, including understanding common GraphQL/REST-specific attack vectors and security considerations.\r\nYou have experience or a strong interest in Web3 security testing, including assessing smart contracts, blockchain-based applications, or Web3 integrations.\r\nYou have an interest in agentic engineering, including emerging patterns in autonomous systems, tooling, or workflows, and their security implications.\r\nBonus Points\r\nYou contribute or have contributed to the security community through open source involvement, participation in CTFs, or speaking at local information security meetups and conferences.\r\nYour background includes experience working with disruptive technologies and successfully launching products, ideally within FinTech, SaaS, or Crypto.\r\nYou hold one or more security relevant certifications such as OSCP or OSWE.\r\nValues\r\nB – Be Hungry\r\nL – Level Up\r\nO – Own It\r\nC – Crypto Curious\r\nK – Kaizen\r\nResearch has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.\r\nBenefits & Perks\r\nCompetitive salary package\r\nEquity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay.\r\nPay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards.\r\nMoonshot award. We honor exceptional impact – 10 employees twice a year, each earning a $250,000 equity grant.\r\nUnlimited holidays: We give you the autonomy to choose when to work (and when to switch off).\r\nHybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours.\r\nPrivate Healthcare benefits: To protect you and your loved ones.\r\nEnhanced parental leave: So you can spend more time with your loved ones without a second thought.\r\nAnnual training budget: We support your training journey every step of the way.\r\nHome office setup allowance: Create the home office of your dreams.\r\nRemote working allowance: Those working fully remotely get a little extra for utilities.\r\nMonthly budget to spend on our products and zero-fee crypto transactions: Cultivate your inner DEGEN.\r\nEmployee referral programme: Great people know great people, refer them to receive 10K in USDC.\r\nRegular remote company offsites: Meet your colleagues regularly for high-impact in-person sessions and hackathons.\r\nWorking in a disruptive and fast-growing company where excellence is rewarded.\r\nCommitment to Diversity\r\nAt MoonPay we believe that every voice matters. We strive to create a mindful and respectful environment where everyone can bring their authentic self to work, and experience a culture that is free of harassment, racism, and discrimination. That's why we are committed to diversity and inclusion in the workplace and are a proud equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence. MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or to otherwise participate in the application process.\r\nWe may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.\r\nJ-18808-Ljbffr","company":"Crypto Pro Network","rawCompany":"crypto pro network","city":"Poland","state":"NY","isRemote":false,"isActive":false,"createdAt":"2026-04-09T15:47:14.712Z","occupations":[{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"15-1252.00","title":"Software Developers","slug":"software-developers"}],"industries":[{"code":"513210","title":"Software Publishers","slug":"software-publishers"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Application Security Engineer","description":"About MoonPayHi, we're MoonPay. We're here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet. Why? Because crypto, stablecoins and blockchain aren't just technologies. They're tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many. What we doMoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship. Proven at scaleTrusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day. We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we're committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable. But we're just getting started. We've launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it's growing fast. We're iterating every day to make it the best it can be. If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background. Come build the future of payments and the decentralized economy with MoonPay. Let's make financial freedom and autonomy the new normal.\r\nLocations Supported UK US Poland Spain Portugal Relocation available: No Work pattern: This role will be remote.\r\nAbout the Opportunity\r\nOur Product Security team is a dynamic blend of proactive defenders and inquisitive problem-solvers. We are dedicated to strengthening our systems through rigorous security reviews and hands-on penetration testing, and we actively manage our Bug Bounty program to ensure timely validation, response, and remediation. We leverage cutting-edge tools and techniques to build robust defenses, and collaboration is central to how we work; embedding security best practices throughout the SDLC. We continuously research emerging threats, develop effective mitigation strategies, and empower engineering teams through clear guidance and practical security training. We maintain up-to-date security standards and documentation, lead incident response efforts with precision, and are passionate about spreading a secure-by-design culture while contributing to the wider security community.\r\nWhat You Will Do\r\nConduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process.\r\nPerform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate.\r\nInvestigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation.\r\nOwn and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls.\r\nPartner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance.\r\nResearch and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack.\r\nDevelop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization.\r\nContribute to the creation, maintenance, and evolution of security standards, processes, and documentation.\r\nParticipate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements.\r\nAbout You\r\nYou have developed a breadth of experience across multiple security domains, including web and mobile application security, infrastructure and cloud security, and can connect these areas to drive a holistic security approach.\r\nYou have hands-on experience performing white-box, source code-assisted web and mobile application penetration testing, from vulnerability discovery through triage and exploitation.\r\nYou have the ability to read, understand, and review source code to identify security issues, with ideally, a particular focus on JavaScript and TypeScript codebases.\r\nYou have a strong understanding of Threat Modelling principles and their practical application to the secure software development lifecycle (SDLC).\r\nYou have experience working with web application firewalls to help protect applications, assess coverage, and support tuning rules to mitigate common attack patterns.\r\nYou have experience embedding application security practices into CI/CD pipelines, enabling early detection of vulnerabilities and close collaboration with engineering teams throughout the development lifecycle.\r\nYou have collaborated closely with engineering teams to clearly communicate security findings, explain vulnerabilities, attack paths, and mitigations, and support the implementation of effective fixes for both technical and non-technical audiences.\r\nYou are self-motivated, proactive, and take strong ownership of your work, operating effectively in a remote environment while maintaining a collaborative, team-focused mindset.\r\nNice-to-have experience:\r\nYou have experience in JavaScript and TypeScript, including the ability to read, understand, and reason about modern web application codebases.\r\nYou have experience working with Cloudflare, including its hosting and Web Application Firewall (WAF) capabilities, to help secure and operate internet-facing applications.\r\nYou have experience testing and securing GraphQL, REST APIs, including understanding common GraphQL/REST-specific attack vectors and security considerations.\r\nYou have experience or a strong interest in Web3 security testing, including assessing smart contracts, blockchain-based applications, or Web3 integrations.\r\nYou have an interest in agentic engineering, including emerging patterns in autonomous systems, tooling, or workflows, and their security implications.\r\nBonus Points\r\nYou contribute or have contributed to the security community through open source involvement, participation in CTFs, or speaking at local information security meetups and conferences.\r\nYour background includes experience working with disruptive technologies and successfully launching products, ideally within FinTech, SaaS, or Crypto.\r\nYou hold one or more security relevant certifications such as OSCP or OSWE.\r\nValues\r\nB – Be Hungry\r\nL – Level Up\r\nO – Own It\r\nC – Crypto Curious\r\nK – Kaizen\r\nResearch has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.\r\nBenefits & Perks\r\nCompetitive salary package\r\nEquity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay.\r\nPay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards.\r\nMoonshot award. We honor exceptional impact – 10 employees twice a year, each earning a $250,000 equity grant.\r\nUnlimited holidays: We give you the autonomy to choose when to work (and when to switch off).\r\nHybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours.\r\nPrivate Healthcare benefits: To protect you and your loved ones.\r\nEnhanced parental leave: So you can spend more time with your loved ones without a second thought.\r\nAnnual training budget: We support your training journey every step of the way.\r\nHome office setup allowance: Create the home office of your dreams.\r\nRemote working allowance: Those working fully remotely get a little extra for utilities.\r\nMonthly budget to spend on our products and zero-fee crypto transactions: Cultivate your inner DEGEN.\r\nEmployee referral programme: Great people know great people, refer them to receive 10K in USDC.\r\nRegular remote company offsites: Meet your colleagues regularly for high-impact in-person sessions and hackathons.\r\nWorking in a disruptive and fast-growing company where excellence is rewarded.\r\nCommitment to Diversity\r\nAt MoonPay we believe that every voice matters. We strive to create a mindful and respectful environment where everyone can bring their authentic self to work, and experience a culture that is free of harassment, racism, and discrimination. That's why we are committed to diversity and inclusion in the workplace and are a proud equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence. MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or to otherwise participate in the application process.\r\nWe may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.\r\nJ-18808-Ljbffr","datePosted":"2026-04-09T15:47:14.712Z","dateModified":"2026-04-09T15:47:14.712Z","hiringOrganization":{"@type":"Organization","name":"Crypto Pro Network","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Poland","addressRegion":"NY","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"3f7e2b409997b6ec23fefc31"},"url":"https://jobsearcher.com/jobs/3f7e2b409997b6ec23fefc31"}}