OpenFX
About Us
OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The team’s execution has been exceptional, and we’re scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, PayPal, Affirm, Polygon, Kraken, Nium & others. We’re backed by Accel, Faction, NfX, Accomplice, and other top-tier investors.
Role Overview
This is a hybrid Application + Cloud Security role for an engineer who has 2–4 years of hands-on security experience and is ready to grow into a specialist. You’ll spend roughly half your time supporting AppSec (code review, secure SDLC tooling, threat modeling, findings triage) and half on CloudSec (AWS account security, IAM reviews, Kubernetes hardening, WAF tuning).
You’ll partner closely with our Sr. Application Security Engineer and Cloud Security Engineer (both L3), picking up increasingly complex work as you ramp. The goal is for you to develop deep expertise in one of the two specializations within 12–18 months while remaining strong across both.
This role is ideal for someone who is technically curious, has shipped real security work (not just evaluated tools), and wants to grow fast in a high-stakes fintech environment.
Key Responsibilities
Application Security (~50%)
- Perform manual and automated code reviews alongside the Sr. AppSec engineer, with growing independence over time
- Triage, reproduce, and drive remediation on findings from SAST, DAST, SCA, bug bounty, and internal reports
- Support threat-modeling sessions for new services and features
- Tune and maintain AppSec tooling in CI/CD to minimize noise and maximize signal
- Partner with engineering pods to help developers fix issues the right way the first time
Cloud Security (~50%)
- Support AWS account security: IAM policy reviews, least-privilege analysis, and guardrail enforcement via Config/SCPs
- Help harden Kubernetes clusters — admission control (OPA/Gatekeeper, Kyverno), RBAC hygiene, secrets management
- Tune WAF rules (AWS WAF / Cloudflare) to reduce false positives without creating blind spots
- Run vulnerability scans against cloud infrastructure and containers; drive remediation with DevOps
- Contribute to security automation: small tools and scripts that reduce manual work (Python / Go / Bash)
- Monitor GuardDuty, Security Hub, and Config findings; triage and escalate as needed
Cross-cutting
- Contribute to security policies, standards, runbooks, and incident playbooks
- Participate in InfoSec on-call rotation
- Research emerging threats and bring recommendations back to the team
What We’re Looking For
Required
- 2–4 years of hands-on experience in Application Security, Cloud Security, or a closely related role
- Solid grounding in security fundamentals: OWASP Top 10, TLS/PKI basics, OAuth/JWT, common cloud attack patterns
- Hands-on exposure to both AppSec (at least one of SAST/DAST/manual review) and CloudSec (at least one of AWS/GCP/Azure) — you don’t need to be expert in both, but you should have shipped work in both
- Scripting ability in Python, Go, or Bash — you can write useful internal tools, not just one-liners
- Clear communicator — can translate a finding into something an engineer will actually fix
- Hunger to grow — you take feedback well, go deep on topics, and own your ramp
Preferred
- Degree or equivalent experience in Computer Science, Information Security, or similar
- Exposure to Kubernetes in production, even if not as the primary owner
- Familiarity with IaC (Terraform) and how security gets enforced (or bypassed) in code
- Bug bounty, CTF, or open-source security contributions — demonstrated curiosity outside the 9-to-5
- Certifications a plus but not required: AWS Security Specialty, OSCP, CKS, CEH
What We Offer
- Competitive salary and benefits package
- Equity in a rapidly growing company
- Opportunity to work in a fast-paced startup at the forefront of fintech innovation
- A real growth path — this role is designed to develop you into an L3 specialist
- Collaborative work culture with emphasis on personal and professional growth
We are committed to building a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
To apply for this job please visit job-boards.greenhouse.io.
Explore OpenFX online
Working in Bangalore, India
Bengaluru, also known as Bangalore, is the capital and largest city of the southern Indian state of Karnataka. As per the 2011 census, the city had a population of 8.4 million, making it the third most populous city in India and the most populous in South India. The Bengaluru metropolitan area had a population of around 8.5 million, making it the fifth most populous urban agglomeration in the country. It is located towards the southern end of the Deccan Plateau, at an altitude of 900 m (3,000 ft) above sea level. The city is known as India's "Garden City", due to its parks and greenery.
Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.
Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.
Keep exploring on Get A Job.ai
Not quite the right fit? Your next opportunity is a click away.
- Browse all jobs
- More jobs by category
- Remote jobs you can do from anywhere
- Research typical pay for this role
- Set a job alert so new matches reach you first
- Upload your resume to apply faster
Hiring instead? Post a job and reach candidates searching right now.
