Listing Description
Ocrolus is a fast-growing financial technology organization with many emerging security threats and we are building a world-class security program to keep Ocrolus and our customer’s data secure. We are looking for a diverse set of security practitioners to help us design, build, and scale security at Ocrolus. We value critical thinking, creativity, data-driven and intelligence-driven approaches, and offensive experience. We believe security is a collaborative and open process, where security is a partner to help achieve business goals securely. We believe in saying “yes, and” instead of “no” when recommending security objectives. We don’t believe in using fear or penalty for enforcement of security policies and processes, and we will always provide evidence and justification for security controls.
Responsibilities
- Conduct design, architecture, and code reviews for new and existing applications and infrastructure.
- Perform manual product security testing and source code auditing.
- Assist with designing automatic product security testing.
- Give clear and detailed risk assessment and remediation guidelines for engineers and business owners.
- Perform penetration testing targeting critical data, services, and environments.
- Report underlying security issues and propose enhanced security protections.
- Write and disseminate security guidelines for common security issues, remediation, and security technology baselines.
- Build relationships with stakeholders throughout the engineering and product organizations.
- Help build a collaborative and enlightening world-class security team at Ocrolus.
- Spread security culture throughout the organization.
Requirements
- Experience using, writing, and building static, dynamic, instrumentation, and program analysis product security vulnerability scanners.
- Experience performing product-level threat models, design reviews, code reviews, and manual web application security testing.
- Knowledge of technology and processes used for product security.
- Experience with modern cloud platforms and modern programming languages and paradigms.
- Ability to explain basic security, engineering, networking, and cloud concepts.
- Great communication, prioritization, and project management skills.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided