InfoSec Engineer
OpenFX · Bengaluru, Karnataka, India
This listing has closed — view similar roles below.
- On site
- Full-time
- $130,000 / year
- Bengaluru, Karnataka, India
Job highlights
- Secure OpenFX applications, cloud, and Kubernetes environments.
- Design and enforce defenses across AWS and web apps.
- Manage WAFs, firewalls, and drive security automation.
- Perform security testing and code reviews.
- Collaborate with teams on secure architecture and remediation.
About the role
About Us
OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The team's execution has been exceptional, and we're scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, Paypal, Affirm, Polygon, Kraken, Nium & others. We're backed by Accel, Faction, NfX, Accomplice, and other top-tier investors.
Role Overview
As an InfoSec Engineer, you will take ownership of securing OpenFX's applications, cloud infrastructure, and Kubernetes environments. You will design and enforce defenses across AWS and web applications, manage WAFs and firewalls, and drive security automation. This is a hands-on, high-impact role where you will directly strengthen the resilience of our financial infrastructure and shape our security posture as we scale. This role is ideal for a technically skilled security engineer with deep experience in application and cloud security, who thrives in high-growth environments and enjoys solving complex problems through both technical execution and collaboration.
Key Responsibilities
- Perform web application security testing (manual and automated), identify vulnerabilities, and provide remediation guidance
- Conduct manual and automated code reviews across backend and frontend services, focusing on authentication, authorization, cryptography, and data protection
- Secure AWS accounts and resources by implementing IAM best practices, network segmentation, encryption, and monitoring
- Harden Kubernetes clusters, secure workloads, and integrate tools for runtime protection and policy enforcement
- Configure and tune WAF security rules, monitor traffic, and ensure high availability of perimeter defenses (AWS WAF, Akamai, Cloudflare)
- Plan and execute targeted internal penetration tests, vulnerability assessments, and adversarial simulations
- Design and build in-house tools and scripts (Python, Bash, Go, etc.) for vulnerability scanning, log analysis, and automated alerting
- Partner with software and DevOps teams to remediate vulnerabilities, prioritize risks, and influence secure architecture decisions
- Contribute to security policies, standards, and incident playbooks to align with compliance requirements
- Research emerging threats, evaluate new tools, and proactively recommend improvements to strengthen defenses
What We're Looking For
- 4+ years of professional experience in Information Security, Application Security, or Cloud Security
- Solid understanding of security fundamentals, networking, operating systems, and cloud infrastructure
- Hands-on experience with scripting/programming for automation (Python, Go, Bash, or similar)
- Strong problem-solving ability, able to analyze risks and propose pragmatic security solutions
- Clear communication and influencing skills: can explain risks, back opinions with context/data, and build trust with peers
- Demonstrated ability to work independently with minimal guidance, while collaborating effectively in a team
Preferred Qualifications
- Experience with manual and automated AppSec testing tools (Burp Suite, ZAP, SAST/DAST)
- Familiarity with secure SDLC practices and developer enablement
- Strong hands-on exposure to AWS Security services (IAM, GuardDuty, Config, Security Hub, KMS)
- Practical experience with Kubernetes security tools (OPA/Gatekeeper, Kyverno, Falco, Aqua, Prisma)
- Familiarity with DevSecOps workflows and CI/CD pipeline integration
- Exposure to incident response or digital forensics
- Relevant certifications a plus (OSCP, OSWE, AWS Security Specialty, CISSP)
What We Offer
- Competitive salary and benefits package.
- Equity in a rapidly growing company.
- Opportunity to work in a fast-paced startup at the forefront of fintech innovation.
- Opportunity to make a significant impact on global financial infrastructure.
- Collaborative work culture with emphasis on personal and professional growth.
We are committed to building a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Key skills/competency
- InfoSec Engineer
- Application Security
- Cloud Security
- Kubernetes Security
- AWS Security
- Penetration Testing
- Security Automation
- DevSecOps
- Vulnerability Assessment
- Risk Management
Skills & topics
- InfoSec Engineer
- Information Security
- Application Security
- Cloud Security
- AWS
- Kubernetes
- Security Automation
- Penetration Testing
- Vulnerability Assessment
- DevSecOps
How to get hired
- Tailor your resume: Highlight your InfoSec, application security, and cloud security experience. Quantify achievements in automation and vulnerability remediation.
- Showcase technical skills: Emphasize your proficiency in Python, Go, Bash, AWS security services, and Kubernetes security tools.
- Prepare for technical interviews: Be ready to discuss your experience with security testing tools, secure SDLC, and incident response scenarios.
- Demonstrate problem-solving: Articulate how you analyze risks and propose pragmatic security solutions during interviews.
- Understand OpenFX's mission: Research their work in cross-border payments and how security is crucial to their success.
Technical preparation
Master Python, Go, or Bash for security scripting.,Deep dive into AWS security services and IAM.,Practice hardening Kubernetes and using security tools.,Perform simulated web app penetration tests.
Behavioral questions
Describe a complex security problem you solved.,How do you explain technical risks to non-technical teams?,Share an example of influencing secure architecture decisions.,How do you stay updated on emerging security threats?
Frequently asked questions
- What are the core responsibilities of an InfoSec Engineer at OpenFX?
- An InfoSec Engineer at OpenFX is responsible for securing applications, cloud infrastructure (AWS), and Kubernetes environments. This includes performing security testing, code reviews, implementing AWS security best practices, hardening Kubernetes clusters, managing WAFs, conducting penetration tests, and developing security automation tools. You'll also partner with development and DevOps teams to remediate vulnerabilities and contribute to security policies.
- What technical skills are essential for the InfoSec Engineer role at OpenFX?
- Essential technical skills include 4+ years of experience in Information Security, Application Security, or Cloud Security. You'll need a strong understanding of security fundamentals, networking, operating systems, and cloud infrastructure. Hands-on experience with scripting/programming for automation (Python, Go, Bash) is crucial. Familiarity with AWS Security services and Kubernetes security tools is highly preferred.
- How does OpenFX ensure security in its payment infrastructure?
- OpenFX secures its payment infrastructure through a multi-layered approach. This involves rigorous application security testing, securing AWS accounts and resources with IAM best practices, hardening Kubernetes clusters, and managing perimeter defenses like WAFs. They also focus on security automation, code reviews, and proactive vulnerability management in collaboration with their software and DevOps teams.
- What kind of environment can I expect as an InfoSec Engineer at OpenFX?
- You can expect a fast-paced, high-growth startup environment at the forefront of fintech innovation. OpenFX offers a collaborative work culture with an emphasis on personal and professional growth, alongside the opportunity to make a significant impact on global financial infrastructure. The team is experienced and backed by top-tier investors.
- What is the preferred experience for an InfoSec Engineer candidate at OpenFX?
- Preferred experience includes hands-on use of AppSec testing tools like Burp Suite and ZAP, familiarity with secure SDLC practices, strong exposure to AWS Security services (IAM, GuardDuty, etc.), practical experience with Kubernetes security tools (OPA/Gatekeeper, Falco, etc.), DevSecOps workflows, and incident response. Relevant certifications are a plus.