About MoonPay 🌖💸
Hi, we’re MoonPay. We’re here to onboard the world to Web3.
Why? Because we think Web3 is a unique and democratising technology. It gives people back control of their money, digital identity, data, and property like nothing else before it.
What we do
We’re the leading infrastructure company in Web3. This means we offer our partners everything from payment solutions (we call them ‘Ramps’) to minting software for digital collectibles, like NFTs. And over 30 million people around the world now trust our products — just take a look on Trustpilot.
We’re also big on collaborations. And we’ve worked on stunts, drops, and partnerships with some of the world’s most prestigious and forward-thinking brands.
But that’s not all. We have also built our own consumer app because we wanted to see if we could build a better Web3 account. It’s taken off in a big way, and we’re working hard to continually improve it and to strive for perfection.
So whatever your background, we’re sure there’s something for you here. Come help us build the future of Web3 and digital ownership.
🌔 About the Opportunity
The Security Operations (SecOps) team at MoonPay is dedicated to ensuring the security and integrity of our systems and data in an increasingly complex digital landscape. Comprising a diverse group of professionals from various regions around the globe, our multicultural team brings together a wealth of expertise and perspectives to tackle security challenges effectively.
Our mission is to identify and mitigate vulnerabilities and threats while maintaining strict compliance with security policies and relevant regulations. By leveraging advanced security measures and proactive threat detection techniques, we work diligently to safeguard our infrastructure and protect our customers’ information.
In collaboration with the IT team and other departments, we foster a culture of security awareness, sharing best practices and ensuring that everyone at MoonPay understands their role in maintaining a secure environment. Our key responsibilities include incident response, security monitoring, endpoint security, VPN, vulnerability management, and third-party risk management (TPRM), all of which contribute to our overarching goal: to create a secure environment for our employees, clients and partners.
Join us in our commitment to security excellence and help us build a safer future in the blockchain and payments industry!
🚀 What you will do
As a Security Operations Engineer at MoonPay, you will take on a multifaceted role focused on enhancing our security posture. Your responsibilities will include:
Incident Response: Act as the primary incident responder by triaging alerts, escalating issues, and leading the incident response (IR) process through all stages of security incidents to ensure swift resolution and recovery.
SIEM/SOAR Platform Management: Utilize the Google SecOps platform to maintain and develop detection rules, such as YARA, and to ingest logs effectively from various platforms using multiple ingestion methods (e.g., webhooks, scripts). Write parsers and continually optimize processes to reduce false positives, enhancing overall efficiency.
Platform Maintenance: Maintain and optimize our current security stack, which includes tools such as CrowdStrike, Google SecOps, Area1, Cloudflare WARP, and Code42, to ensure effective protection against evolving threats.
Security Awareness Training: Conduct security awareness training sessions for employees and serve as the ambassador of security best practices within the company, promoting a proactive security culture.
Vulnerability Management: Identify and mitigate vulnerabilities on endpoints and software-as-a-service (SaaS) stacks, implementing necessary measures to protect our infrastructure.
Third-Party Risk Assessment: Assess the security posture of vendors prior to onboarding to identify and manage third-party risks effectively, ensuring that they align with our security standards.
Project Participation: Engage in projects focused on implementing new security platforms, contributing your expertise to strengthen our security measures.
Documentation and Process Development: Create and maintain comprehensive documentation of processes, triage runbooks, standards, and policies, ensuring clarity and adherence to security protocols.
In this role, you will contribute significantly to the security landscape of MoonPay, helping to protect our systems, data, and customers while promoting a culture of security awareness and best practices throughout the organization.
💻 What you’ll be working on
In this role, you’ll work closely with the Security Operations (SecOps) team to run daily security operations, strengthen our security posture, and promote best practices across the company. You’ll implement and maintain security controls using tools like CrowdStrike, Okta, and Google SecOps; manage endpoint and network security; develop SIEM/SOAR detections and dashboards; support the SOC team with investigations and incident response; handle DLP and vendor risk reviews; and continuously identify ways to improve our processes. This is a great opportunity to make a real impact while growing your skills in a dynamic, collaborative environment.
🧑🚀 About You
Experience:
– Minimum of 1-2 years in security operations
– Focus on incident management, SIEM, DLP, threat intelligence, VPN, and email security
Security Frameworks:
– Worked with frameworks such as ISO 27001, SOC 2, and PCI-DSS.
– Responsible for implementing key security controls.
Cybersecurity Principles:
– Strong understanding of cybersecurity principles and best practices
Analytical Skills:
– Excellent analytical and problem-solving abilities
Crisis Management:
– Ability to work effectively under pressure
– Capable of handling multiple incidents simultaneously
Communication:
– Strong communication and interpersonal skills to collaborate with various teams
Bonus Qualifications
Certifications:
– CISSP, CISM, or equivalent certifications are a plus
Technical Proficiency:
Proven experience with tools such as:
– Google SecOps
– CrowdStrike
– Cloudflare
– Code42
– ZeroFox
– Okta
– Google Workspace
– Jira