Security Architect

  • San Francisco, CA
  • Full-time

Company Description

GoPago, Inc., is re-imagining the way consumers and brick and mortar businesses use smartphones for mobile commerce – enabling consumers to easily browse, order and pay for everything from food and drinks to haircuts and dry cleaning, while giving merchants a one-stop mobile storefront that lets them run their business and build customer loyalty.


The company has partnered with one of the world’s largest banking institutions, JP Morgan Chase to create the first of its kind mobile commerce merchant network to modernize the way consumers and brick and mortar businesses transact.  The San Francisco based company was founded in 2009, and currently works with merchants in the San Francisco Bay Area and the Hard Rock Hotel in Las Vegas.  For more information, visit

Job Description

The Engineering team is looking for a Security Architect to spearhead the safety and security of our Mobile Application and Point of Sale initiatives. The main duties of the Security Architect will be:

  • Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
  • Verify security systems by developing and implementing test scripts.
  • Upgrade security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
  • Prepare system security reports by collecting, analyzing, and summarizing data and trends.
  • Design and build tools to implement security controls and monitor them 
  • Perform ongoing security testing and code reviews 


A little about you

You’re looking to get a foothold in a fast growing mobile payments startup. You have a firm grasp of both common, and not so common, ways today’s modern mobile applications are hacked and penetrated. 

  • In depth foundation and technical knowledge of information security
  • Extensive knowledge and experience in web application security
  • Ability to perform black box testing and source code review (Java, Ruby)
  • Excellent knowledge of security testing methodologies (e.g. OWASP Testing) and standard security metrics (CWE, CVSS)
  • Hands-on experience with commercial and Open Source penetration testing toolkits (e.g. Nessus, Nikto, Burp Suite, Metasploit, Canvas)
  • Experience in carrying out projects involving large and complex systems, managing different aspects of information security, security audit, risk analysis and incident response
  • Strong verbal, communication and technical writing abilities in order to explain security vulnerabilities and business impact
  • 4+ years in information security
  • CISSP a MAJOR plus

Additional Information

To Apply:

Email cover letter and resume to:

Mitchell Forrer, Recruiting Manager | GoPago, Inc.