Ocrolus

Senior Security Engineer, Product Security

full-time

Location Type: Remote

Location: India

About the role

  • Work closely with the CISO to build the product security strategy, roadmap, and metrics to measure and monitor product security posture
  • Conduct design and architecture reviews for Ocrolus products and infrastructure
  • Perform code reviews and application security assessments, including AI/LLMs
  • Engage with the development teams to conduct secure design reviews/threat modeling exercises
  • Identify vulnerabilities/threats that could affect Ocrolus products through independent research and work with the developers on workarounds/mitigation plans
  • Be the go-to person for developers in solving critical issues relating to secure product development
  • Run penetration testing targeting critical data, services, and environments
  • Write and disseminate security guidelines for common security issues, remediation, and security technology baselines
  • Collaborate with stakeholders to ensure secure deployment of AI systems by staying updated on AI security best practices and executing adversarial testing strategies
  • Guide engineering teams on secure coding and testing principles/practices
  • Spread security culture throughout the organization

Requirements

  • A total of 4+ years of experience in product security (code, web application, API)
  • Experience in performing threat modeling, design reviews, code reviews, web application security, and enterprise cloud penetration testing
  • Good proficiency with a programming language (e.g., Java, Python, Go, Bash)
  • Ability to automate product security processes and optimize productivity with SAST & DAST tools
  • Stellar understanding of secure software development lifecycle (SDLC)
  • Good knowledge of authentication, authorization, and access control mechanisms, cryptographic algorithms, and secure network communication protocols
  • Experience in cloud security architecture and infrastructure
  • Self-driven with excellent communication and prioritization skills
  • Ability to interpret and explain multiple classes of vulnerabilities, such as cross-site scripting, SQL Injection, CSRF, cryptographic-related weakness, and code injection, to various audiences

Benefits

  • Health insurance
  • Professional development
  • Flexible working hours
  • Remote-first environment

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • product security
  • threat modeling
  • design reviews
  • code reviews
  • web application security
  • API security
  • penetration testing
  • secure software development lifecycle
  • programming languages
  • cloud security architecture

Soft Skills

  • communication
  • prioritization
  • self-driven
  • collaboration