Staff Cloud Security Engineer

About MoonPay

Hi, we’re MoonPay. We’re here to onboard the world to Web3. Why? Because we think Web3 is a unique and democratising technology. It gives people back control of their money, digital identity, data, and property like nothing else before it.

What We Do

We’re the leading infrastructure company in Web3. This means we offer our partners everything from payment solutions (we call them 'Ramps') to minting software for digital collectibles, like NFTs. And over 30 million people around the world now trust our products — just take a look on Trustpilot. We’re also big on collaborations. And we’ve worked on stunts, drops, and partnerships with some of the world's most prestigious and forward-thinking brands. But that’s not all. We have also built our own consumer app because we wanted to see if we could build a better Web3 account. It’s taken off in a big way, and we’re working hard to continually improve it and to strive for perfection. So whatever your background, we’re sure there’s something for you here. Come help us build the future of Web3 and digital ownership.

About the Opportunity

Our Product Security Team is a dynamic blend of proactive defenders and inquisitive problem-solvers. We're dedicated to fortifying our cloud infrastructure (GCP and AWS) through rigorous security reviews, threat modeling, and automated controls. We actively manage our cloud security posture, ensuring swift response and remediation to identified risks. We leverage cutting-edge tools like DataDog for cloud security monitoring and Terraform for secure Infrastructure as Code. Collaboration is key, as we embed security best practices throughout the infrastructure lifecycle. We are constantly researching emerging cloud threats, crafting effective mitigation strategies, and empowering our engineering teams with comprehensive training. We maintain up-to-date cloud security standards, baseline, implement Just-in-Time (JIT) access controls, and will establish and lead our cloud incident management process.

What you will do

• Perform Threat Modelling of architectural infrastructure changes and new cloud infrastructure and Kubernetes deployments in GCP and AWS.
• Design, implement, and manage robust security controls and configurations for our GCP and AWS environments.
• Develop and maintain secure Infrastructure as Code (IaC) using Terraform and tools.
• Implement, manage, and enhance Cloud Security monitoring using DataDog, including alert configuration, response procedures and not just rely on out of box (OOTB) rules.
• Implement and manage Just-in-Time (JIT) access solutions for elevated privilege access to cloud resources.
• Establish and manage the cloud incident management process and program, including leading incident response activities for cloud security events.
• Collaborate with infrastructure and development teams to integrate cloud security best practices throughout the infrastructure lifecycle.
• Research and evaluate emerging cloud security threats and vulnerabilities, and develop effective mitigation strategies.
• Develop and deliver cloud security training and awareness programs to engineering and relevant teams.
• Contribute to the development and maintenance of cloud security standards, policies, and documentation, ensuring they are up-to-date.
• Manage the future of our cloud security posture, driving continuous improvement and strategic initiatives.
• Accurately document cloud security configurations, processes, and knowledge, and effectively disseminate this information to other teams.
• Conduct vulnerability assessments and drive remediation for cloud infrastructure.
• Support requirements and evidence requested from auditors, compliance and regulators.

What you’ll be working on

As part of our Cloud Security team, you’ll be instrumental in designing, building, and maintaining the security of our cloud platforms (GCP & AWS). You’ll conduct in-depth threat models of cloud architecture, ensuring robust defenses are implemented from the outset. You’ll actively manage and enhance our cloud security posture using tools like DataDog and automate security controls with Terraform. You’ll be responsible for implementing and managing JIT access controls and establishing our cloud incident response framework. You’ll collaborate closely with infrastructure and engineering teams, integrating cloud security seamlessly into their workflows. You’ll research emerging cloud threats, developing strategies to stay ahead of adversaries. You’ll contribute to and deliver cloud security training, fostering a security-conscious culture. You’ll help maintain and improve our cloud security standards and documentation. You’ll lead cloud incident response efforts, ensuring swift and effective remediation. You will support MoonPay in maintaining the current or achieving new certifications and support audit and compliance requirements.

About You

• You have extensive experience in Cloud Security, with deep expertise in GCP and AWS.
• You possess a strong understanding of Threat Modelling principles and their application to cloud infrastructure and architectural designs.
• You have hands-on experience with cloud security tools and technologies, including DataDog for security monitoring and Terraform for Infrastructure as Code.
• You have proven experience in designing, implementing, and managing cloud security controls and configurations.
• You have experience with Identity and Access Management (IAM) in cloud environments, including the implementation and management of Just-in-Time (JIT) access solutions.
• You have a proven ability to establish and manage incident response programs specifically for cloud environments.
• Proficiency in scripting or programming languages relevant to cloud automation and security (e.g., Python, Go, or similar) is a plus.
• You are comfortable explaining technical security concepts, vulnerabilities, and effective mitigations to diverse audiences.
• You are self-motivated, can work independently and effectively in a remote setting while maintaining a team-focused mindset.
• You are highly skilled in documenting security processes and configurations and effectively sharing knowledge with other teams.
• Your background experience includes working in a disruptive technology environment, ideally within FinTech, SaaS, or Crypto.
• Relevant security certifications (e.g., GCP Professional Cloud Security Engineer, AWS Certified Security - Specialty, CISSP, CISM) are a plus but not required.
• You have a good understanding of cryptography and its applications in cloud security.
• You contribute to the security community (e.g., open source projects, conference talks, CTFs).

Most importantly, though, you will embody the core principles that everyone here at the MoonPay lives by. Our “BLOCK Values” are at the heart of everything we do - and they are…

• B - Be Hungry
• L - Level Up
• O - Own It
• C - Crypto Curious
• K - Kaizen

MoonPay Perks

• Equity package
• Unlimited holidays
• Paid parental leave
• Annual training budget
• Home office setup allowance
• Monthly budget to spend on our products
• Working in a disruptive and fast-growing industry where the possibilities are endless
• Freedom, autonomy and responsibility

Commitment To Diversity

At MoonPay we believe that every voice matters. We strive to create a mindful and respectful environment where everyone can bring their authentic self to work, and experience a culture that is free of harassment, racism, and discrimination. That’s why we are committed to diversity and inclusion in the workplace and are a proud equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence.

MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or to otherwise participate in the application process.