InfoSec Engineer

OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The team's execution has been exceptional, and we're scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, Paypal, Affirm, Polygon, Kraken, Nium & others. We're backed by Accel, Faction, NfX, Accomplice, and other top-tier investors.

As an InfoSec Engineer, you will take ownership of securing OpenFX's applications, cloud infrastructure, and Kubernetes environments. You will design and enforce defenses across AWS and web applications, manage WAFs and firewalls, and drive security automation. This is a hands-on, high-impact role where you will directly strengthen the resilience of our financial infrastructure and shape our security posture as we scale. This role is ideal for a technically skilled security engineer with deep experience in application and cloud security, who thrives in high-growth environments and enjoys solving complex problems through both technical execution and collaboration.

• →Perform web application security testing (manual and automated), identify vulnerabilities, and provide remediation guidance
• →Conduct manual and automated code reviews across backend and frontend services, focusing on authentication, authorization, cryptography, and data protection
• →Secure AWS accounts and resources by implementing IAM best practices, network segmentation, encryption, and monitoring
• →Harden Kubernetes clusters, secure workloads, and integrate tools for runtime protection and policy enforcement
• →Configure and tune WAF security rules, monitor traffic, and ensure high availability of perimeter defenses (AWS WAF, Akamai, Cloudflare)
• →Plan and execute targeted internal penetration tests, vulnerability assessments, and adversarial simulations
• →Design and build in-house tools and scripts (Python, Bash, Go, etc.) for vulnerability scanning, log analysis, and automated alerting
• →Partner with software and DevOps teams to remediate vulnerabilities, prioritize risks, and influence secure architecture decisions
• →Contribute to security policies, standards, and incident playbooks to align with compliance requirements
• →Research emerging threats, evaluate new tools, and proactively recommend improvements to strengthen defenses

Required

• 4+ years of professional experience in Information Security, Application Security, or Cloud Security
• Solid understanding of security fundamentals, networking, operating systems, and cloud infrastructure
• Hands-on experience with scripting/programming for automation (Python, Go, Bash, or similar)
• Strong problem-solving ability, able to analyze risks and propose pragmatic security solutions
• Clear communication and influencing skills: can explain risks, back opinions with context/data, and build trust with peers
• Demonstrated ability to work independently with minimal guidance, while collaborating effectively in a team

Preferred

• Experience with manual and automated AppSec testing tools (Burp Suite, ZAP, SAST/DAST)
• Familiarity with secure SDLC practices and developer enablement
• Strong hands-on exposure to AWS Security services (IAM, GuardDuty, Config, Security Hub, KMS)
• Practical experience with Kubernetes security tools (OPA/Gatekeeper, Kyverno, Falco, Aqua, Prisma)
• Familiarity with DevSecOps workflows and CI/CD pipeline integration
• Exposure to incident response or digital forensics
• Relevant certifications a plus (OSCP, OSWE, AWS Security Specialty, CISSP)