About One

One’s mission is simple - to help customers achieve financial progress. We’re doing this by creating simple solutions to help our customers save, spend, borrow, and grow their money – all in one place.

The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.

What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.

There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!

The role

As a Corporate Security Engineer at One, you will lead the design, implementation, and optimization of ONE's corporate security infrastructure. You will proactively enhance security controls, develop strategic security frameworks, and lead initiatives that align security goals with business objectives. Automation and managed self-service capabilities are a must for maintaining the security of all corporate systems in a rapidly scaling environment. Security is a cornerstone of every task, project, and decision you oversee, making this role a critical contributor to the company's overall security posture.

This role is responsible for:

• Lead maturity and standardization improvements in ONE's Identity and Access Management (IAM) systems for AWS, SaaS platforms, and corporate tools.

• Design and deploy endpoint security measures aligned with industry standards, including vulnerability management.

• Implement a strong security posture for our corporate SaaS applications by analyzing vendor capabilities and either configuring applications to align with ONE’s standards and processes, or building tooling and automations to augment vendor capabilities to meet these standards.

• Mature and manage data protection controls, including Data Loss Prevention (DLP) tools and secure data handling processes.

• Build secure methods for sharing data with internal teams and external partners.

• Work closely with IT, Infrastructure, DevOps, and other Security teams to implement and refine technical security measures.

• Own and maintain critical corporate systems, ensuring reliability and smooth updates.

• Help develop and run incident response and disaster recovery plans, including tabletop exercises.

• Identify and implement automation solutions to simplify and improve security processes.

You bring

• 8+ years of IT experience, including 5+ years in enterprise security within cloud environments.

• Expertise in AWS IAM, managing roles, policies, and integrating third-party SaaS applications.

• Strong experience with macOS management tools (e.g., Jamf Pro), MDM solutions, and securing SaaS platforms like Google Workspace and Okta.

• Solid understanding of networking, authentication standards, and frameworks like MITRE ATT&CK, NIST CSF, and CIS benchmarks.

• Advanced skills with Infrastructure-as-Code tools like Terraform to configure and secure infrastructure and platforms.

• Skilled in scripting with Python and/or TypeScript.

• Hands-on experience with Zero Trust Network Access (ZTNA) and Data Loss Prevention (DLP) solutions like Netskope or Zscaler.

• Proven ability to lead large projects, automate processes, and achieve measurable security improvements.

• Skilled at mentoring, simplifying technical concepts for non-technical audiences, and influencing decisions.

Pay Transparency

The estimated annual base salary for this position ranges from $175,000 to $225,000. Pay is generally based on the level, complexity, responsibility, and job duties/requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience.  If you are selected for an interview, please feel welcome to speak to a Talent Partner about our compensation philosophy and other available benefits.

What it’s like working @ One

• Competitive cash

• Benefits effective on day one

• Early access to a high potential, high growth fintech

• Generous stock option packages in an early-stage startup

• Remote friendly (anywhere in the US) and office friendly - you pick the schedule

• Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave

• 401(k) plan with match

We use Covey as part of our hiring process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on May 31, 2024.

Please see the independent bias audit report covering our use of Covey here.

Leveling Philosophy

In order to thoughtfully scale the company and avoid downstream inequities, we’ve adopted a flat titling structure at One. Though we may occasionally post a role externally with a prefix such as “Senior” to reflect the external level of the position, we do not use prefixes in titles like that internally unless in a position which manages a team. Internal titles typically include your specific functional responsibility, such as engineering, product management or sales, and often include additional descriptors to ensure clarity of role and placement within our organization (i.e. “Engineer, Platform”, “Sales, Business Development” or “Manager, Talent”). Employees are paid commensurate with their experience and the internal level within One.

Inclusion & Belonging

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@one.app.