Jobs Companies OpenFX InfoSec - Application & Cloud Security Engineer (L2)

About this InfoSec - Application & Cloud Security Engineer (L2) role at OpenFX

OpenFX · Onsite · Bangalore

About Us

OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The team's execution has been exceptional, and we're scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, PayPal, Affirm, Polygon, Kraken, Nium & others. We're backed by Accel, Faction, NfX, Accomplice, and other top-tier investors.

Role Overview

This is a hybrid Application + Cloud Security role for an engineer who has 2–4 years of hands-on security experience and is ready to grow into a specialist. You'll spend roughly half your time supporting AppSec (code review, secure SDLC tooling, threat modeling, findings triage) and half on CloudSec (AWS account security, IAM reviews, Kubernetes hardening, WAF tuning).

You'll partner closely with our Sr. Application Security Engineer and Cloud Security Engineer (both L3), picking up increasingly complex work as you ramp. The goal is for you to develop deep expertise in one of the two specializations within 12–18 months while remaining strong across both.

This role is ideal for someone who is technically curious, has shipped real security work (not just evaluated tools), and wants to grow fast in a high-stakes fintech environment.

Key Responsibilities

Application Security (~50%)

  • Perform manual and automated code reviews alongside the Sr. AppSec engineer, with growing independence over time
  • Triage, reproduce, and drive remediation on findings from SAST, DAST, SCA, bug bounty, and internal reports
  • Support threat-modeling sessions for new services and features
  • Tune and maintain AppSec tooling in CI/CD to minimize noise and maximize signal
  • Partner with engineering pods to help developers fix issues the right way the first time

Cloud Security (~50%)

  • Support AWS account security: IAM policy reviews, least-privilege analysis, and guardrail enforcement via Config/SCPs
  • Help harden Kubernetes clusters — admission control (OPA/Gatekeeper, Kyverno), RBAC hygiene, secrets management
  • Tune WAF rules (AWS WAF / Cloudflare) to reduce false positives without creating blind spots
  • Run vulnerability scans against cloud infrastructure and containers; drive remediation with DevOps
  • Contribute to security automation: small tools and scripts that reduce manual work (Python / Go / Bash)
  • Monitor GuardDuty, Security Hub, and Config findings; triage and escalate as needed

Cross-cutting

  • Contribute to security policies, standards, runbooks, and incident playbooks
  • Participate in InfoSec on-call rotation
  • Research emerging threats and bring recommendations back to the team

What We're Looking For

Required

  • 2–4 years of hands-on experience in Application Security, Cloud Security, or a closely related role
  • Solid grounding in security fundamentals: OWASP Top 10, TLS/PKI basics, OAuth/JWT, common cloud attack patterns
  • Hands-on exposure to both AppSec (at least one of SAST/DAST/manual review) and CloudSec (at least one of AWS/GCP/Azure) — you don't need to be expert in both, but you should have shipped work in both
  • Scripting ability in Python, Go, or Bash — you can write useful internal tools, not just one-liners
  • Clear communicator — can translate a finding into something an engineer will actually fix
  • Hunger to grow — you take feedback well, go deep on topics, and own your ramp

Preferred

  • Degree or equivalent experience in Computer Science, Information Security, or similar
  • Exposure to Kubernetes in production, even if not as the primary owner
  • Familiarity with IaC (Terraform) and how security gets enforced (or bypassed) in code
  • Bug bounty, CTF, or open-source security contributions — demonstrated curiosity outside the 9-to-5
  • Certifications a plus but not required: AWS Security Specialty, OSCP, CKS, CEH

What We Offer

  • Competitive salary and benefits package
  • Equity in a rapidly growing company
  • Opportunity to work in a fast-paced startup at the forefront of fintech innovation
  • A real growth path — this role is designed to develop you into an L3 specialist
  • Collaborative work culture with emphasis on personal and professional growth

We are committed to building a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Ready to apply to OpenFX?
Apply to OpenFX

Similar jobs

Sign up for suggestions tailored to the jobs you open and the searches you save.

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get an edge on your job hunt.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free