About OnePay

OnePay is the consumer fintech trusted by millions of Americans to make money better.

Our financial system is broken. High fees, low rates, and too few ways to actually grow your money. We’re fixing it. And we’re moving fast.

We’re an all-in-one financial services platform that brings together banking, high-yield savings, credit cards, point-of-sale lending, investing, and crypto in one place. We also partner with employers, HCM providers, gig platforms, and others to deliver embedded financial services to millions of employees and frontline workers.

We’re backed by Walmart, the world’s largest retailer, and Ribbit Capital, one of fintech’s most respected investors, giving us rare scale, distribution, and the opportunity to build something truly category-defining.

But what really sets OnePay apart is how we move. Our customers don’t have time to wait… and neither do we. This place moves fast, and we’re looking for people who are:

• Ready to run

• Hungry and driven by urgency

• Exceptional at what they do, with low ego

• Comfortable operating in motion

Security and Threat Operations Engineer

The Role

As a Security and Threat Operations Engineer at OnePay, your work will have a direct impact on protecting our fast-moving fintech environment. You will turn production signals into actionable detection, response, and hardening initiatives, partnering closely with Product Security, Platform Security, and Engineering teams. Your efforts will enable us to proactively identify, monitor, and stop compromised behaviors across OnePay's products and infrastructure, ensuring the continued safety and trust of our business and customers.

You will:

• Build and tune detections, alerts, and monitoring workflows across cloud, application, identity, and edge environments.

• Review traffic patterns across APIs, authentication flows, and WAF telemetry to identify malicious activity, abuse patterns, and anomalous behavior.

• Use AI responsibly as a force multiplier for triage, analysis, and workflow automation, while helping define guardrails for AI-enabled systems.

• Help operate OnePay’s vulnerability management program by triaging, prioritizing, and driving remediation for findings from Wiz, vulnerability scanning, and related workflows.

• Develop Python-based tooling and automation to improve investigations, enrichment, response, and operational scale.

• Partner with Product Security to translate threat models, security reviews, and product risks into production detections and response playbooks.

• Investigate security events end to end, including triage, scoping, containment support, and follow-through on remediation.

• Support vulnerability management and operational security practices in ways that align with PCI and SOC 2 expectations.

• Participate in proactive threat hunting, detection improvement, and a 24x7 security incident response on-call rotation.

You Bring

• 5+ years of experience in information security, threat detection, security operations, detection engineering, or incident response, ideally in a cloud-native or product-focused environment.

• Strong experience investigating suspicious activity in web, API, authentication, and infrastructure telemetry, with the ability to distinguish attacker behavior from normal production noise.

• Demonstrated ability to review traffic and event patterns for signs of malicious activity, fraud, account abuse, credential attacks, reconnaissance, and exploitation attempts.

• Strong Python programming skills and the ability to write maintainable code for automation, enrichment, analysis, and security operations tooling.

• Experience building and tuning detections in a SIEM or detection platform and working with observability and logging systems such as CloudWatch, Datadog, or similar platforms.

• Experience operating or supporting a vulnerability management program, including triage, prioritization, remediation tracking, and stakeholder coordination.

• Familiarity with cloud and application security findings from platforms such as Wiz, including CNAPP, runtime, code, and vulnerability scanning use cases.

• Experience with at least one major cloud provider, preferably AWS.

• Working knowledge of identity and access systems, modern authentication flows, and the security implications of internet-facing applications and APIs.

• Strong understanding of threat modeling, risk prioritization, and practical security controls across applications, infrastructure, and cloud environments.

• Practical experience using AI tools in security workflows, along with sound judgment about AI-specific risks such as prompt injection, data leakage, excessive tool access, and weak auditability.

• Excellent analytical, communication, and cross-functional collaboration skills, especially in environments where security needs to move quickly with product and engineering teams5+ years of experience in information security, threat detection, security operations, detection engineering, or incident response, ideally in a cloud-native or product-focused environment.