Job Specifications
About MoonPay
Hi, we’re MoonPay. We’re here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet.
Why?
Because crypto, stablecoins and blockchain aren’t just technologies. They’re tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many.
What we do
MoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship.
Proven at scale
Trusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day.
We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we’re committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable.
But we’re just getting started. We’ve launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it’s growing fast. We’re iterating every day to make it the best it can be.
If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background.
Come build the future of payments and the decentralized economy with MoonPay. Let’s make financial freedom and autonomy the new normal.
Locations Supported
UK
US
Poland
Spain
Portugal
Relocation available:No
Work pattern: This role will be remote.
About The Opportunity
Our Product Security team is a dynamic blend of proactive defenders and inquisitive problem-solvers. We are dedicated to strengthening our systems through rigorous security reviews and hands-on penetration testing, and we actively manage our Bug Bounty program to ensure timely validation, response, and remediation.
We leverage cutting-edge tools and techniques to build robust defenses, and collaboration is central to how we work; embedding security best practices throughout the SDLC. We continuously research emerging threats, develop effective mitigation strategies, and empower engineering teams through clear guidance and practical security training.
We maintain up-to-date security standards and documentation, lead incident response efforts with precision, and are passionate about spreading a secure-by-design culture while contributing to the wider security community.
What You Will Do
Conduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process.
Perform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate.
Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation.
Own and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls
Partner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance.
Research and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack.
Develop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization
Contribute to the creation, maintenance, and evolution of security standards, processes, and documentation
Participate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements.
About You
You have developed a breadth of experience across multiple security domains, including web and mobile application security, infrastructure and cloud security, and can connect these areas to drive a holistic security approach.
You have hands-on experience performing white-box, source code-assisted web
About the Company
We are MoonPay. Architects of the future, inventors, artists, and authors of innovation.
Our vision? To unlock digital ownership for everyone. We are onboarding the world to Web3, where people can own and control their digital identity, data, property, and money.
MoonPay is the world’s leading Web3 infrastructure company. We provide end-to-end solutions for payments, enterprise-scale smart contract development, and digital asset management. Many of the world's most iconic brands rely on MoonPay to power their Web3 strategi...
Know more