Application Security Engineer

Work set-up: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • 8–12 years of experience in application security, DevSecOps, or security platform engineering.
  • Deep knowledge of AWS services such as IAM, KMS, VPC, EKS, and RDS.
  • Proficiency in secure coding practices, threat modeling, and security reviews.
  • Experience scripting automation with Python, Bash, or PowerShell.

Key responsibilities:

  • Design and implement secure AWS architectures and configurations.
  • Embed security into CI/CD pipelines and automate security tasks.
  • Conduct threat modeling, secure code reviews, and oversee remediation.
  • Partner with teams to develop and enforce application security standards.

ONE Financial Services SME https://www.one.app/
201 - 500 Employees

Job description

About OnePay

OnePay is a consumer financial services app with an exceedingly simple mission: to help people achieve financial progress.

Tens of millions of Americans today are unbanked or underbanked, meaning they don’t have enough money in savings to cover a minor emergency. They pay too much in fees, don’t have access to credit at affordable rates, and have little ability to grow their wealth. OnePay’s vision is to create a single app for consumers to save, spend, borrow, and grow their money, bringing our mission to life with simple and accessible banking, credit, and payments products that deliver a best-in-class experience to millions of customers. Our products include:

  • Checking and high-yield savings accounts
  • Domestic and international peer-to-peer payments
  • Credit Builder and credit score monitoring
  • Digital wallet contactless payment solutions
  • Buy-now-pay-later installment loans at Walmart

Why do we have a right to win? We have the backing of Walmart (a Fortune 1) and Ribbit Capital (a preeminent fintech investor), are deeply embedded with the distribution of the world’s largest omnichannel retailer, and have an industry-leading multi-product value proposition, all in addition to having some of the best people and talent in the industry.

There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for the opportunity. Join us!

Our Application Security Engineers play a pivotal role in safeguarding our platform, driving everything from designing secure AWS architectures to embedding automated threat detection that protects customer transactions. Your work will ensure we meet rigorous compliance standards (PCI, CCPA, GLBA) and maintain the highest levels of trust and reliability for our users.

  • Architect and implement secure AWS configurations (IAM roles/policies, encryption keys, VPC segmentation)
  • Embed security into CI/CD pipelines and repos using policy-as-code tools (pre-commit hooks, SAST/SCA, IDE tool integrations)
  • Secure container and orchestration environments (EKS, Kubernetes, Docker) per best practices
  • Conduct threat modeling sessions and risk-driven design reviews early in development
  • Perform secure code reviews and static/dynamic analysis; oversee remediation with dev teams
  • Automate repetitive security tasks: vulnerability triage, code scanning, tool orchestration
  • Build and extend in-house AppSec automation frameworks or pentest tooling
  • Partner with security architecture and detection teams (SIEM tuning, logging, telemetry alignment)
  • Develop and enforce AppSec standards and patterns across product teams; iterate through feedback loops
  • Support regulatory or compliance assessments (PCI, CCPA, GLBA) as needed

You Bring:

  • 8–12 years’ experience in application security engineering, DevSecOps, or security platform engineering
  • Deep familiarity with CVSS, MITRE ATT&CK frameworks, OWASP Top 10 and CWE taxonomy
  • Proven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKS
  • Hands-on expertise in securing IaC and CI/CD pipelines; strong knowledge of policy-as-code tooling
  • Container security experience: Docker, Kubernetes, EKS-related threat surfaces
  • Solid threat modeling and secure code review skills; SAST/SCA tool proficiency
  • Experience scripting automation (e.g. Python, Bash, PowerShell) to streamline AppSec tasks
  • Capability to lead in-house AppSec frameworks or tooling development
  • Strong communicator, able to translate technical findings to non-technical stakeholders
  • Track record of defining and institutionalizing security architecture patterns

Standard Interview Process

  • Initial Interview with Talent Partner
  • Technical or Hiring Manager Interview
  • Team Interview
  • Executive Interview
  • Offer!

Equal Employment Opportunity

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@onepay.com.

Required profile

Experience

Level of experience: Senior (5-10 years)
Industry: Financial Services
Spoken language(s): English

Other Skills

  • Teamwork
  • Communication
