Product Security Manager

Описание вакансии

About MoonPay

Hi, we’re MoonPay. We’re here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet.

Why?

Because crypto, stablecoins and blockchain aren’t just technologies. They’re tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many.

What we do

MoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship.

Proven at scale

Trusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day.

We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we’re committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable.

But we’re just getting started. We’ve launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it’s growing fast. We’re iterating every day to make it the best it can be.

If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background.

Come build the future of payments and the decentralized economy with MoonPay. Let’s make financial freedom and autonomy the new normal.

About the Opportunity

As the Product Security Manager, you will play a pivotal role in securing the infrastructure that powers the Web3 economy. You will lead and scale two high-impact teams: Application Security and Vulnerability Management & Automation.

Your mission is to ensure that security is woven into the fabric of our product development lifecycle, empowering our engineers to build fast without compromising on safety. You will be a mentor, a strategist, and a leader helping MoonPay maintain its reputation as the most trusted brand in the space.

You are a natural leader able to influence different parts of the business with security initiatives and negotiate the best security solutions for new challenges and unexplored territories

What you will do

• Lead and Mentor: Oversee the day-to-day operations and career development of the Application Security and Vulnerability Management & Automation teams.
• Security Strategy: Define the roadmap for product security, focusing on scalable automation and proactive defense mechanisms.
• Vulnerability Management: Drive the end-to-end lifecycle of vulnerability discovery, triaging, and remediation across our entire ecosystem.
• Application Security: Improve security tooling (SAST, DAST, SCA) into CI/CD pipelines and lead threat modeling sessions and penetration testing for new features.
• Cross-Functional Collaboration: Partner with Engineering and Product leaders and help and influence with security topics new business units and acquisitions to prioritize security debt and promote a culture of Security by Design.
• Incident Response: Lead high-priority security incidents and investigations and improve processes, manage team rotas and escalations.
• Regulatory and Compliance: Support organisation maintain or acquire new critical certifications such as SOC2, PCI, CIS TOP 18, ISO27001.

About You

• Experienced Leader: You have a proven track record of managing technical security teams in high-growth, cloud-native environments.
• Adaptive in Ambiguity: As our team moves at a very fast pace, you must be comfortable navigating ambiguity and resolving unclear or evolving topics effectively.
• Technical Depth: You possess a strong background in application security, penetration testing and software engineering.
• Automation Mindset: You believe that manual processes are bugs and have experience building or implementing automated security scanning and reporting tools.
• Strategic Thinker: You can balance immediate tactical needs with long-term security goals.
• Web3 Enthusiast: You are curious about (or experienced in) blockchain technology, smart contract security, and the unique challenges of the Web3 landscape.

What you will be working with/on…

The Product Security team operates within a cutting-edge technological environment and focuses on several critical areas to ensure the highest level of security for our platform and products.

• Modern Tech Stack and Infrastructure: We leverage an advanced cloud infrastructure designed for high scalability and resilience. Our development and deployment processes are built upon robust CI/CD environments, necessitating security integration at every stage, from code commit to production deployment. This involves securing containers, serverless components, and sophisticated cloud-native networking configurations.
• Scalable Automation Frameworks: To effectively manage security risks across a rapidly expanding codebase and infrastructure, we utilize and develop both custom-built and industry-standard tools for vulnerability management. This includes automated security testing, dependency scanning, misconfiguration detection, and streamlined vulnerability triage and remediation workflows, all designed to operate effectively at scale.
• Securing the Next Generation of Features: A major strategic focus is on securing our next generation of AI-enabled features. This involves proactive security measures related to Large Language Models (LLMs) and other AI components. Our goal is to ensure data privacy and integrity within all model interactions and maintain compliance with responsible AI principles.
• Diverse and Proactive Application Security Services: We offer a full spectrum of proactive security guidance and services tailored to the needs of various engineering and business lines. This includes comprehensive penetration testing (both internal and external), in-depth threat modeling during the design phase of new features, security architecture reviews, and the development of secure coding standards. These services are provided across a wide variety of applications and business lines, from core financial services to new user-facing products.
• Continuous Improvement and Security Posture Enhancement: We maintain a strong commitment to the principle of continuous improvement. This involves constantly exploring and identifying opportunities to level up the security posture across the entire organization. This includes enhancing tooling, refining processes, developing and delivering security training to engineering teams, and driving large-scale security initiatives.
• Secure Development Lifecycle Guidance: A core responsibility is to guide engineering teams on adopting best practices for the secure development and deployment of their applications. This encompasses promoting a security-first culture, embedding security requirements into the SDLC, providing timely consultation on security issues, and helping teams implement security controls effectively.

BLOCK Values

We’re looking for people who live our core values, those who strive for excellence and want to leave a lasting legacy on the global financial system. Our values:

B - Be Hungry

L - Level Up

O - Own It

C - Crypto Curious

K - Kaizen

Research has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.

Benefits & Perks 💡

💰Competitive salary package

🤝 Equity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay

📈 Pay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards

🚀 Moonshot award. We honor exceptional impact - 10 employees twice a year, each earning a $250,000 equity grant.

🏝 Unlimited holidays: We give you the autonomy to choose when to work (and when to switch off)

🌍 Hybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours

🩺 Private Healthcare benefits: To protect you and your loved ones

🍼 Enhanced parental leave: So you can spend more time with your loved ones without a second thought

📚 Annual training budget: We support your training journey every step of the way

🪑 Home office setup allowance: Create the home office of your dreams

👛 Remote working allowance: Those working fully remotely get a little extra for utilities

💰 Monthly budget to spend on our products and zero fee crypto transactions: Cultivate your inner DEGEN

💰 Employee referral programme: Great people know great people, refer them to receive 10K in USDC

✈️ Regular remote company offsites: Meet your colleagues regularly for high impact in person sessions and hackathons

🚀 Working in a disruptive and fast-growing company where excellence is rewarded

Commitment To Diversity

At MoonPay we believe that every voice matters. We strive to create a mindful and respectful environment where everyone can bring their authentic self to work, and experience a culture that is free of harassment, racism, and discrimination. That’s why we are committed to diversity and inclusion in the workplace and are a proud equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence.

MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or to otherwise participate in the application process.