InfoSec - Application & Cloud Security Engineer (L2)
Quick Summary
About Us OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems.
OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The team's execution has been exceptional, and we're scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, PayPal, Affirm, Polygon, Kraken, Nium & others. We're backed by Accel, Faction, NfX, Accomplice, and other top-tier investors.
This is a hybrid Application + Cloud Security role for an engineer who has 2–4 years of hands-on security experience and is ready to grow into a specialist. You'll spend roughly half your time supporting AppSec (code review, secure SDLC tooling, threat modeling, findings triage) and half on CloudSec (AWS account security, IAM reviews, Kubernetes hardening, WAF tuning).
You'll partner closely with our Sr. Application Security Engineer and Cloud Security Engineer (both L3), picking up increasingly complex work as you ramp. The goal is for you to develop deep expertise in one of the two specializations within 12–18 months while remaining strong across both.
This role is ideal for someone who is technically curious, has shipped real security work (not just evaluated tools), and wants to grow fast in a high-stakes fintech environment.
Responsibilities
~1 min read- Perform manual and automated code reviews alongside the Sr. AppSec engineer, with growing independence over time
- Triage, reproduce, and drive remediation on findings from SAST, DAST, SCA, bug bounty, and internal reports
- Support threat-modeling sessions for new services and features
- Tune and maintain AppSec tooling in CI/CD to minimize noise and maximize signal
- Partner with engineering pods to help developers fix issues the right way the first time
- Support AWS account security: IAM policy reviews, least-privilege analysis, and guardrail enforcement via Config/SCPs
- Help harden Kubernetes clusters — admission control (OPA/Gatekeeper, Kyverno), RBAC hygiene, secrets management
- Tune WAF rules (AWS WAF / Cloudflare) to reduce false positives without creating blind spots
- Run vulnerability scans against cloud infrastructure and containers; drive remediation with DevOps
- Contribute to security automation: small tools and scripts that reduce manual work (Python / Go / Bash)
- Monitor GuardDuty, Security Hub, and Config findings; triage and escalate as needed
- Contribute to security policies, standards, runbooks, and incident playbooks
- Participate in InfoSec on-call rotation
- Research emerging threats and bring recommendations back to the team
- 2–4 years of hands-on experience in Application Security, Cloud Security, or a closely related role
- Solid grounding in security fundamentals: OWASP Top 10, TLS/PKI basics, OAuth/JWT, common cloud attack patterns
- Hands-on exposure to both AppSec (at least one of SAST/DAST/manual review) and CloudSec (at least one of AWS/GCP/Azure) — you don't need to be expert in both, but you should have shipped work in both
- Scripting ability in Python, Go, or Bash — you can write useful internal tools, not just one-liners
- Clear communicator — can translate a finding into something an engineer will actually fix
- Hunger to grow — you take feedback well, go deep on topics, and own your ramp
Nice to Have
~1 min read- Degree or equivalent experience in Computer Science, Information Security, or similar
- Exposure to Kubernetes in production, even if not as the primary owner
- Familiarity with IaC (Terraform) and how security gets enforced (or bypassed) in code
- Bug bounty, CTF, or open-source security contributions — demonstrated curiosity outside the 9-to-5
- Certifications a plus but not required: AWS Security Specialty, OSCP, CKS, CEH
What We Offer
~1 min readLocation & Eligibility
Listing Details
- Posted
- July 6, 2026
- First seen
- July 6, 2026
- Last seen
- July 7, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 60%
- Scored at
- July 6, 2026
Signal breakdown
Please let Openfx know you found this job on Jobera.
3 other jobs at Openfx
View all →Explore open roles at Openfx.
Similar Security Engineer jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.
