Application Security Engineer jobs in United States

OnePay · 4 hours ago

Application Security Engineer

OnePay is an all-in-one financial platform aimed at improving the financial well-being of Americans. The Application Security Engineer will play a crucial role in safeguarding the platform by designing secure AWS architectures and embedding automated threat detection to protect customer transactions while ensuring compliance with rigorous standards.

Responsibilities

Architect and implement secure AWS configurations (IAM roles/policies, encryption keys, VPC segmentation)
Embed security into CI/CD pipelines and repos using policy-as-code tools (pre-commit hooks, SAST/SCA, IDE tool integrations)
Secure container and orchestration environments (EKS, Kubernetes, Docker) per best practices
Conduct threat modeling sessions and risk‑driven design reviews early in development
Perform secure code reviews and static/dynamic analysis; oversee remediation with dev teams
Automate repetitive security tasks—vulnerability triage, code scanning, tool orchestration
Build and extend in-house AppSec automation frameworks or pentest tooling
Partner with security architecture and detection teams (SIEM tuning, logging, telemetry alignment)
Develop and enforce AppSec standards and patterns across product teams; iterate through feedback loops
Support regulatory or compliance assessments (PCI, CCPA, GLBA) as needed

Qualification

AWS security configurations
CI/CD security integration
Container security
Threat modeling
Application security engineering
SAST/SCA tools
Automation scripting
Security architecture patterns
Communication

Required

8–12 years' experience in application security engineering, DevSecOps, or security platform engineering
Deep familiarity with CVSS, MITRE ATT&CK frameworks, OWASP Top 10 and CWE taxonomy
Proven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKS
Hands-on expertise in securing IaC and CI/CD pipelines; strong knowledge of policy-as-code tooling
Container security experience: Docker, Kubernetes, EKS-related threat surfaces
Solid threat modeling and secure code review skills; SAST/SCA tool proficiency
Experience scripting automation (e.g. Python, Bash, PowerShell) to streamline AppSec tasks
Capability to lead in-house AppSec frameworks or tooling development
Strong communicator, able to translate technical findings to non-technical stakeholders
Track record of defining and institutionalizing security architecture patterns

Benefits

Competitive base salary, stock options, and health benefits from Day 1
401(k) plan with company match
Remote-friendly (US), flexible time off (FTO), and opportunities for growth

Company

OnePay

At OnePay, we believe that better money makes life better.

Funding

Current Stage
Late Stage

Leadership Team

Omer Ismail
Chief Executive Officer
Chris Morgan
Chief Information Security Officer
Company data provided by crunchbase