Pay is generally based upon the level, complexity, responsibility, location and job duties / requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience. If you are selected for an interview, please feel welcome to speak to a Talent Partner about our compensation philosophy and other available benefits.

About OnePay

OnePay is the consumer fintech trusted by millions of Americans to make money better.

Our financial system is broken. High fees, low rates, and too few ways to actually grow your money. We’re fixing it. And we’re moving fast.

We’re an all-in-one financial services platform that brings together banking, high-yield savings, credit cards, point-of-sale lending, investing, and crypto in one place. We also partner with employers, HCM providers, gig platforms, and others to deliver embedded financial services to millions of employees and frontline workers.

We’re backed by Walmart, the world’s largest retailer, and Ribbit Capital, one of fintech’s most respected investors, giving us rare scale, distribution, and the opportunity to build something truly category-defining.

But what really sets OnePay apart is how we move. Our customers don’t have time to wait… and neither do we. This place moves fast, and we’re looking for people who are:

• Ready to run

• Hungry and driven by urgency

• Exceptional at what they do, with low ego

• Comfortable operating in motion

Security and Threat Operations Engineer

The Role

As a Security and Threat Operations Engineer at OnePay, your work will have a direct impact on protecting our fast-moving fintech environment. You will turn production signals into actionable detection, response, and hardening initiatives, partnering closely with Product Security, Platform Security, and Engineering teams. Your efforts will enable us to proactively identify, monitor, and stop compromised behaviors across OnePay's products and infrastructure, ensuring the continued safety and trust of our business and customers.

You will:

• Build and tune detections, alerts, and monitoring workflows across cloud, application, identity, and edge environments.

• Review traffic patterns across APIs, authentication flows, and WAF telemetry to identify malicious activity, abuse patterns, and anomalous behavior.

• Use AI responsibly as a force multiplier for triage, analysis, and workflow automation, while helping define guardrails for AI-enabled systems.

• Help operate OnePay’s vulnerability management program by triaging, prioritizing, and driving remediation for findings from Wiz, vulnerability scanning, and related workflows.

• Develop Python-based tooling and automation to improve investigations, enrichment, response, and operational scale.

• Partner with Product Security to translate threat models, security reviews, and product risks into production detections and response playbooks.

• Investigate security events end to end, including triage, scoping, containment support, and follow-through on remediation.

• Support vulnerability management and operational security practices in ways that align with PCI and SOC 2 expectations.

• Participate in proactive threat hunting, detection improvement, and a 24x7 security incident response on-call rotation.

You Bring

• 5+ years of experience in information security, threat detection, security operations, detection engineering, or incident response, ideally in a cloud-native or product-focused environment.

• Strong experience investigating suspicious activity in web, API, authentication, and infrastructure telemetry, with the ability to distinguish attacker behavior from normal production noise.

• Demonstrated ability to review traffic and event patterns for signs of malicious activity, fraud, account abuse, credential attacks, reconnaissance, and exploitation attempts.

• Strong Python programming skills and the ability to write maintainable code for automation, enrichment, analysis, and security operations tooling.

• Experience building and tuning detections in a SIEM or detection platform and working with observability and logging systems such as CloudWatch, Datadog, or similar platforms.

• Experience operating or supporting a vulnerability management program, including triage, prioritization, remediation tracking, and stakeholder coordination.

• Familiarity with cloud and application security findings from platforms such as Wiz, including CNAPP, runtime, code, and vulnerability scanning use cases.

• Experience with at least one major cloud provider, preferably AWS.

• Working knowledge of identity and access systems, modern authentication flows, and the security implications of internet-facing applications and APIs.

• Strong understanding of threat modeling, risk prioritization, and practical security controls across applications, infrastructure, and cloud environments.

• Practical experience using AI tools in security workflows, along with sound judgment about AI-specific risks such as prompt injection, data leakage, excessive tool access, and weak auditability.

• Excellent analytical, communication, and cross-functional collaboration skills, especially in environments where security needs to move quickly with product and engineering teams5+ years of experience in information security, threat detection, security operations, detection engineering, or incident response, ideally in a cloud-native or product-focused environment.

• Strong experience investigating suspicious activity in web, API, authentication, and infrastructure telemetry, with the ability to distinguish attacker behavior from normal production noise.

• Demonstrated ability to review traffic and event patterns for signs of malicious activity, fraud, account abuse, credential attacks, reconnaissance, and exploitation attempts.

• Strong Python programming skills and the ability to write maintainable code for automation, enrichment, analysis, and security operations tooling.

• Experience building and tuning detections in a SIEM or detection platform and working with observability and logging systems such as CloudWatch, Datadog, or similar platforms.

• Experience operating or supporting a vulnerability management program, including triage, prioritization, remediation tracking, and stakeholder coordination.

• Familiarity with cloud and application security findings from platforms such as Wiz, including CNAPP, runtime, code, and vulnerability scanning use cases.

• Experience with at least one major cloud provider, preferably AWS.

• Working knowledge of identity and access systems, modern authentication flows, and the security implications of internet-facing applications and APIs.

• Strong understanding of threat modeling, risk prioritization, and practical security controls across applications, infrastructure, and cloud environments.

• Practical experience using AI tools in security workflows, along with sound judgment about AI-specific risks such as prompt injection, data leakage, excessive tool access, and weak auditability.

• Excellent analytical, communication, and cross-functional collaboration skills, especially in environments where security needs to move quickly with product and engineering teams

Tools We Use

We use Node and TypeScript on the server, leveraging the NestJS framework within a microservice-oriented architecture running on Kubernetes and AWS. On the client side, we build and ship product features for iOS, Android, and web platforms using React Native. While you don’t need experience with our exact stack, familiarity with modern software engineering practices will help you ramp up quickly.

What We Offer

• Competitive base salary and stock options

• Health benefits effective from Day 1

• 401(k) plan with company match

• Remote-friendly (US), flexible time-off (FTO), paid parental and caregiver leave

• Generous stock option packages in an early-stage, high-growth fintech

• A high-growth, mission-driven, inclusive culture where your work has real impact

Standard Interview Process

• Initial Interview with Talent Partner

• Technical or Hiring Manager Interview

• Team Interview

• Executive Interview

• Offer!

Equal Employment Opportunity

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@onepay.com.

Compensation Range: $140K - $190K