Join the Ocrolus rocket ship!

Ocrolus is the leading intelligent automation platform that helps customers make faster and more accurate decisions. Ocrolus transforms documents into digital data and analytics within minutes. That’s why partners like PayPal, Plaid, and Square work with us. Ocrolus has raised over $100 million in venture capital, backed by Oak HC/FT, FinTech Collective, Bullpen Capital, and QED Investors, among others.

Ocrolus is a fast-growing financial technology organization with many emerging security threats and we are building a world-class security program to keep Ocrolus and our customer’s data secure. We are looking for a diverse set of security practitioners to help us design, build, and scale security at Ocrolus. We value critical thinking, creativity, data-driven and intelligence-driven approaches, and offensive experience. We believe security is a collaborative and open process, where security is a partner to help achieve business goals securely. We believe in saying “yes, and” instead of “no” when recommending security objectives. We don’t believe in using fear or penalty for enforcement of security policies and processes, and we will always provide evidence and justification for security controls.

Responsibilities

• Design, build, and run Ocrolus’ product security program.
• Own application security, infrastructure security, and security operations around all of our customer-facing and internal products.
• Own our vulnerability discovery program, including performing, managing, and triaging internal and third-party application assessments, managing our bug bounty program, and implementing program analysis-assisted vulnerability discovery.
• Design and enforce secure engineering practices in our cloud environment, including secrets management, compartmentalization, infrastructure as code, secure defaults, and software supply chain management.
• Teach engineers secure architecture design and secure engineering and cultivate a culture of security within the engineering organization.
• Own our data governance program, including maintaining a data catalog, tracking downstream dataflows, and working with engineering and security operations to detect malicious access to data and systems.
• Perform product security architecture reviews, design reviews, and code reviews and mentor security engineers on performing architecture reviews, design reviews, and code reviews. 
• Build relationships with stakeholders throughout the organization.
• Help build a collaborative and enlightening world-class security team at Ocrolus.

Requirements

• Experience using, writing, and building static, dynamic, instrumentation, and program analysis product security vulnerability scanners.
• Experience performing product-level threat models.
• Experience identifying and designing security features in customer-facing and internal products.
• Experience running data governance programs and reducing data risk.
• Experience working with security operations teams to design threat detection and malicious access to data and applications.
• Deep knowledge of technology and processes used for product security.
• Great communication, prioritization, and project management skills.

Come build the future of fintech with us. At Ocrolus, you will work with extraordinary people and receive benefits and development opportunities to empower you in and out of the office.

Ocrolus employees enjoy flexible working hours, unlimited PTO, Appreciation holidays (last Friday of the month off), an inclusive work environment (D&I Council), and monthly wellness reimbursement for physical and mental well-being. 

We take pride in our dynamic, diverse team, unified by shared values of Ownership, Optimism, Objectivity, Humility, Urgency, and Appreciation. We love what we do and the people we do it with, which is why we welcome every individual, provide them with equal opportunity irrespective of their race, gender, gender identity, age, disability, national origin or any other legally protected rights that one has.

Launch your own Ocrolus experience today!

We look forward to hearing from you!