OnePay
Product Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About OnePay
OnePay is a UK-based independent FinTech company established in 2007, dedicated to promoting financial inclusion through accessible digital payment solutions. The company has served over 750,000 users and supports numerous affiliate businesses by providing a secure platform for easy transactions. OnePay operates primarily as a Business-to-Consumer service, offering a mobile banking app that integrates various financial services, including debit rewards, a digital wallet, and credit-building tools. Users can add any debit or credit card to the digital wallet for quick online checkouts and enjoy rewards, particularly at Walmart. The platform also supports direct deposit, free credit score checking, and other banking services through bank partners, ensuring FDIC membership for deposit accounts. Additionally, OnePay provides a payment gateway solution for businesses, enabling customized transactions and support for payment methods like Apple Pay and Google Pay. With a focus on multi-lingual support and award-winning customer service, OnePay aims to make digital payments accessible to everyone, enhancing convenience for both consumers and businesses in the UK market.
Security at OnePay
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- OnePay's AppSec philosophy and priorities are centered on embedding security into CI/CD pipelines and developer workflows, conducting threat modeling and risk-driven design reviews early in development, and automating vulnerability triage and scanning.
- They also prioritize regulatory and compliance support (PCI, CCPA, GLBA) and maintaining platform safety, especially when scaling transaction monitoring.
- The company emphasizes that security is at its core and takes user safety seriously.
Security Team
Public LinkedIn posts identify security and corporate-security leaders at OnePay, including Justin Hadley (who posts hiring messages referencing AppSec) and Gopal Dey (Engineering Manager for Corporate Security & IT Operations). Joubin Jabbari is listed as CISO. However, exact reporting lines, total team headcount, and organizational structure are not publicly available.
Key Initiatives
- OnePay's initiatives and workflows include embedding security into CI/CD pipelines using policy-as-code tools (pre-commit hooks, SAST/SCA, IDE tool integrations), conducting threat modeling sessions and risk-driven design reviews early in development, and automating repetitive security tasks like vulnerability triage, code scanning, and tool orchestration.
- They also perform secure code reviews and static/dynamic analysis, overseeing remediation with development teams. Additionally, OnePay has adopted Flagright for AI-native transaction monitoring and AML.