Security Platform Engineer

About OnePay OnePay is a consumer financial services app with an exceedingly simple mission: to help people achieve financial progress. Tens of millions of Americans today are unbanked or underbanked, meaning they don’t have enough money in savings to cover a minor emergency. They pay too much in fees, don’t have access to credit at affordable rates, and have little ability to grow their wealth. OnePay’s vision is to create a single app for consumers to save, spend, borrow, and grow their money, bringing our mission to life with simple and accessible banking, credit, and payments products that deliver a best-in-class experience to millions of customers. Our products include: Checking and high-yield savings accounts Domestic and international peer-to-peer payments Credit Builder and credit score monitoring Digital wallet / contactless payment solutions Credit card program Buy-now-pay-later installment loans at Walmart Prepaid mobile service Why do we have a right to win? We have the backing of Walmart (a Fortune 1) and Ribbit Capital (a preeminent fintech investor), are deeply embedded with the distribution of the world’s largest omnichannel retailer, and have an industry-leading multi-product value proposition — all in addition to having some of the best people and talent in the industry. There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for the opportunity. Join us! The Role As a Security Platform Engineer at OnePay, you’ll support the security of our platform by helping embed secure practices across development and cloud environments. In this role, you’ll contribute to security reviews, automation, and compliance efforts that protect our customers and ensure trust. Assist in designing and validating secure AWS configurations (IAM roles, encryption, VPC segmentation). Support integration of security checks into CI/CD pipelines using policy-as-code tools and automation. Contribute to securing containerized environments (Docker, Kubernetes, EKS) following best practices. Participate in threat modeling, code reviews, and static/dynamic analysis alongside senior engineers. Help automate repetitive AppSec tasks like vulnerability scanning and triage. Document and promote secure development patterns across product teams. You Bring 4+ years’ experience in application security engineering, DevSecOps, or security platform engineering Familiarity with common security frameworks and taxonomies (OWASP Top 10, CWE, CVSS, MITRE ATT&CK) Exposure to AWS services (IAM, KMS, VPC, EC2, RDS, EKS) or cloud security fundamentals Hands-on experience with code scanning or SAST/SCA tools Scripting skills (Python, Bash, or similar) to support automation Strong interest in learning modern AppSec practices and growing technical depth Drive and proactivity - everyone here is a builder and executor What We Offer Competitive base salary, stock options, and health benefits from Day 1 401(k) plan with company match Remote-friendly (US), flexible time off (FTO), and opportunities for growth A high-growth, mission-driven, inclusive culture where your work has real impact Standard Interview Process Initial Interview with Talent Partner Technical or Hiring Manager Interview Team Interview Executive Interview Offer! Equal Employment Opportunity To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].