Product Security Engineering Manager

Sacramento, CA, United States

ONE Save, spend, and grow your money — all in one place. View company page

ONE's mission is simple — financial progress. We’re doing this by creating simple solutions to help our customers save, spend, and grow their money — all in one place.

The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.

What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.

There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!

The role ONE is seeking an experienced and dynamic Product Security Engineering Manager to lead our product security initiatives. As a key member of our team, you will play a critical role in safeguarding our applications, systems, and data. You will be responsible for a team of security engineers who perform application, platform, and cloud security functions. The team partners with product engineering squads to help them build secure solutions, while also building and delivering security roadmap capabilities to continuously mature ONE’s product security control environment. It is important that you are interested in directly contributing to building and maturing security capabilities while also leading the security engineering team and fostering a collaborative security culture.

This role is responsible for:

Developing and executing the security capabilities roadmap ensuring its alignment with product initiatives and business goals.

Collaborating with cross-functional teams to integrate security practices into the software development lifecycle.

Leading and mentoring a team of security engineers in both the United States and India while fostering a collaborative and innovative security culture.

Setting performance goals, conducting performance evaluations, and providing ongoing feedback.

Assessing and enhancing the security of our applications and APIs, and the underlying infrastructure on which they are deployed.

Conducting code reviews, secure configuration reviews, and vulnerability assessments, and overseeing security testing by qualified third parties.

Implementing secure coding practices, developing standards, and educating development teams.

Driving the product strategy and technology roadmap for security capabilities, including automated testing tools like SAST, SCA, DAST, and CSPM.

Designing, implementing, and managing infrastructure and platform security controls, especially for a modern application deployment stack to include Kubernetes and the AWS control plane.

Working closely with stakeholders to prioritize security enhancements.

Ensuring security solutions enable the product and business operations to comply with industry standards (e.g., ISO 27001, NIST) and regulatory requirements while meeting the product design requirements.

You bring

8+ years of experience in security roles, with a focus on application security and cloud security.

2+ years of team management experience.

Deep understanding of cybersecurity principles, threat landscape, and best practices.

Deep knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten), especially as they apply to TypeScript and React Native applications.

Knowledge of security best practices for modern application stacks, including Kubernetes.

Expertise in AWS services, including IAM, EC2, S3, Lambda, and AWS’ ecosystem of security services.

Experience with API security, authentication, and authorization mechanisms.

Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability to communicate these concepts to technical and non-technical partners.

Certifications such as CISSP, GCLD, or GCSA are a plus.

About ONE ONE's mission is simple — financial progress. We’re doing this by creating simple solutions to help our customers save, spend, and grow their money — all in one place.

The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.

What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.

There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!

The role ONE is seeking an experienced and dynamic Product Security Engineering Manager to lead our product security initiatives. As a key member of our team, you will play a critical role in safeguarding our applications, systems, and data. You will be responsible for a team of security engineers who perform application, platform, and cloud security functions. The team partners with product engineering squads to help them build secure solutions, while also building and delivering security roadmap capabilities to continuously mature ONE’s product security control environment. It is important that you are interested in directly contributing to building and maturing security capabilities while also leading the security engineering team and fostering a collaborative security culture.

This role is responsible for:

Developing and executing the security capabilities roadmap ensuring its alignment with product initiatives and business goals.

Collaborating with cross-functional teams to integrate security practices into the software development lifecycle.

Leading and mentoring a team of security engineers in both the United States and India while fostering a collaborative and innovative security culture.

Setting performance goals, conducting performance evaluations, and providing ongoing feedback.

Assessing and enhancing the security of our applications and APIs, and the underlying infrastructure on which they are deployed.

Conducting code reviews, secure configuration reviews, and vulnerability assessments, and overseeing security testing by qualified third parties.

Implementing secure coding practices, developing standards, and educating development teams.

Driving the product strategy and technology roadmap for security capabilities, including automated testing tools like SAST, SCA, DAST, and CSPM.

Designing, implementing, and managing infrastructure and platform security controls, especially for a modern application deployment stack to include Kubernetes and the AWS control plane.

Working closely with stakeholders to prioritize security enhancements.

Ensuring security solutions enable the product and business operations to comply with industry standards (e.g., ISO 27001, NIST) and regulatory requirements while meeting the product design requirements.

You bring

8+ years of experience in security roles, with a focus on application security and cloud security.

2+ years of team management experience.

Deep understanding of cybersecurity principles, threat landscape, and best practices.

Deep knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten), especially as they apply to TypeScript and React Native applications.

Knowledge of security best practices for modern application stacks, including Kubernetes.

Expertise in AWS services, including IAM, EC2, S3, Lambda, and AWS’ ecosystem of security services.

Experience with API security, authentication, and authorization mechanisms.

Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability to communicate these concepts to technical and non-technical partners.

Certifications such as CISSP, GCLD, or GCSA are a plus.

Pay Transparency The estimated annual base salary for this position ranges from $200,000 to $250,000. Pay is generally based upon the level, complexity, responsibility, and job duties / requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience. If you are selected for an interview, please feel welcome to speak to a Talent Partner about our compensation philosophy and other available benefits.

Working @ ONE Our teams collaborate remotely and in our work spaces in New York and Sacramento.

Competitive cash

Benefits effective on day one

Early access to a high potential, high growth fintech

Generous stock option packages in an early-stage startup

Remote friendly (anywhere in the US) and office friendly - you pick the schedule

Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave

401(k) plan with match

Leveling Philosophy In order to thoughtfully scale the company and avoid downstream inequities, we’ve adopted a flat titling structure at ONE. Though we may occasionally post a role externally with a prefix such as “Senior” to reflect the external level of the position, we do not use prefixes in titles like that internally unless in a position which manages a team. Internal titles typically include your specific functional responsibility, such as engineering, product management or sales, and often include additional descriptors to ensure clarity of role and placement within our organization (i.e. “Engineer, Platform”, “Sales, Business Development” or “Manager, Talent”). Employees are paid commensurate with their experience and the internal level within ONE.

Inclusion & Belonging To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].

Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr