Senior Security Engineer Product Security

Job description

Come build at the intersection of AI and fintech. At Ocrolus, we’re on a mission to help lenders automate workflows with confidence—streamlining how financial institutions evaluate borrowers and enabling faster, more accurate lending decisions.

Our AI-powered data and analytics platform is trusted at scale, processing nearly one million credit applications every month across small business, mortgage, and consumer lending. By integrating state-of-the-art open- and closed-source AI models with our human-in-the-loop verification engine, Ocrolus captures data from financial documents with over 99% accuracy. Thanks to our advanced fraud detection and comprehensive cash flow and income analytics, our customers achieve greater efficiency in risk management, and provide expanded access to credit—ultimately creating a more inclusive financial system.

Trusted by more than 400 customers—including industry leaders like Better Mortgage, Brex, Enova, Nova Credit, PayPal, Plaid, SoFi, and Square—Ocrolus stands at the forefront of AI innovation in fintech. Join us, and help redefine how the world’s most innovative lenders do business.

Summary:

Ocrolus is a fast-growing financial technology SaaS (Software-as-a-Service) organization. We are building a world-class security program to secure Ocrolus and our customers’ data. We are looking for diverse security practitioners to help us design, build, and scale product security at Ocrolus. We value critical thinking, creativity, data-driven and intelligence-driven approaches, and offensive experience. Security is a collaborative process, where security is a partner to help achieve business goals securely. We believe in saying “yes and;” instead of “no” when recommending security objectives. We don’t believe in using fear or penalty for the enforcement of security policies and processes, and we will always provide evidence and justification for security controls.

What you’ll do:

• Work closely with the CISO to build the product security strategy,  roadmap, and metrics to measure and monitor product security posture.
• Conduct design and architecture reviews for Ocrolus products and infrastructure.
• Perform code reviews and application security assessments, including AI/LLMs.
• Engage with the development teams to conduct secure design reviews/threat modeling exercises.
• Identify vulnerabilities/threats that could affect Ocrolus products through independent research and work with the developers on workarounds/mitigation plans.
• Be the go-to person for developers in solving critical issues relating to secure product development.
• Run penetration testing targeting critical data, services, and environments. Report underlying security issues and propose enhanced security protections.
• Write and disseminate security guidelines for common security issues, remediation, and security technology baselines.
• Collaborate with stakeholders to ensure secure deployment of AI systems by staying updated on AI security best practices and executing adversarial testing strategies.
• Guide engineering teams on secure coding and testing principles/practices.
• Be a role model for the team and provide a healthy platform for learning and growth. Build relationships with stakeholders throughout the engineering and product organizations.
• Spread security culture throughout the organization.

What you’ll bring:

• A passion for identifying vulnerabilities and remediations.
• Ability to interpret and explain multiple classes of vulnerabilities, such as cross-site scripting, SQL Injection, CSRF, cryptographic-related weakness, and code injection, to various audiences, such as development and management teams.
• Experience in designing and building a wide variety of technical security controls.
• Experience in performing threat modeling, design reviews, code reviews, web application security, and enterprise cloud penetration testing.
• Stellar understanding of secure software development lifecycle (SDLC) and ability to integrate security practices and threat modeling into development processes.
• Ability to automate product security processes and optimize productivity with SAST & DAST tools.
• Good proficiency with a programming language (e.g., Java, Python, Go, Bash).
• Good Knowledge of authentication, authorization, and access control mechanisms, cryptographic algorithms, and secure network communication protocols
• Experience in cloud security architecture and infrastructure.
• Self-driven with excellent communication and prioritization skills.
• A total of 5+ years of experience in product security (code, web application, API)

Good to have:

• Published CVEs / articles on application security
• Contributions to open-source security software
• Certified in application security, pen testing (e.g., OSCP)

Life at Ocrolus

We’re a team of builders, thinkers, and problem solvers who care deeply about our mission — and each other. As a fast-growing, remote-first company, we offer an environment where you can grow your skills, take ownership of your work, and make a meaningful impact.

Our culture is grounded in four core values: Empathy – Understand and serve with compassion

Curiosity – Explore new ideas and question the status quo Humility – Listen, be grounded, and remain open-minded

Ownership – Love what you do, work hard, and deliver excellence

We believe diverse perspectives drive better outcomes. That’s why we’re committed to fostering an inclusive workplace where everyone has a seat at the table, regardless of race, gender, gender identity, age, disability, national origin, or any other protected characteristic.

We look forward to building the future of lending together.