Security Engineer

About Us

OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The team's execution has been exceptional, and we're scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, Paypal, Affirm, Polygon, Kraken, Nium & others. We’re backed by Accel, Lightspeed, NfX and other top-tier investors.

We are seeking an experienced Security Engineer to safeguard our infrastructure, applications, and sensitive data. As a key member of the team, you'll lead efforts to fortify our systems against emerging threats and  implement robust security frameworks.

Responsibilities & Expectations

Infrastructure Security Management:

• Design and implement security measures for cloud infrastructure, networks and endpoints.
• Regularly assess vulnerabilities and deploy updates to mitigate security risks.
• Monitor and respond to security incidents in real time, ensuring swift containment and resolution.
• Conduct periodic audits of access controls, configurations, and compliance.

Application Security:

• Collaborate with development teams to ensure secure coding practices are followed.
• Perform regular penetration testing and security assessments of applications and APIs.
• Develop and maintain automated security testing tools integrated with CI/CD pipelines.
• Identify and remediate vulnerabilities during the software development lifecycle.

Security Awareness & Compliance:

• Ensure compliance with regulations in the stringent, security-first industry.
• Maintain comprehensive documentation of security policies, processes, and response plans.

Must-Have Qualifications

• 5+ years of experience in cybersecurity roles focusing on infrastructure and application security with proven ability to manage and respond to security incidents.
• Understanding of Security Engineering fundamentals and tooling lifecycle (from Proof of Concept, Design and Deployment, to Retirement).
• Strong understanding of security tools (WAF, Bot Management, CSPM, DSPM, SAST/DAST, API + Runtime Security) to protect Cloud and Container infrastructure for public-facing applications.
• Hands-on experience with AWS Cloud services like EC2, EKS, VPC, S3, IAM, CloudFormation and Lambda.

Nice-to-Have Qualifications

• Knowledge of blockchain security and cryptographic protocols.
• Interest in emerging technologies like AI security and zero-trust architectures.
• Expertise in vulnerability assessment tools like Nessus, Qualys, or Burp Suite.
• Expertise in  writing software, scripts, and automation projects with a focus on applied computer programming and/or scripting language experience (Java, Python, Perl, Ruby, C++). Experience with JavaScript or TypeScript is highly preferred.

What Sets Great Candidates Apart

• Demonstrated ability to prevent and mitigate complex cyber threats.
• Strong communication skills to educate teams on security practices.
• Proven track record of implementing security measures in high-growth startups.
• Experience collaborating with cross-functional teams to ensure secure product delivery.

What We Offer

• Competitive salary and benefits package
• Equity in a rapidly growing  company
• Opportunity to work on cutting-edge security problems in a rapidly evolving industry
• Opportunity to make significant impact on global financial infrastructure
• Collaborative work culture with emphasis on personal and professional growth

We are committed to building a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status