Infosec engineer
About the Company:
Ouro is a global, vertically-integrated financial services and technology company dedicated to the delivery of innovative financial empowerment solutions to consumers worldwide. Ouro’s financial products and services span prepaid, debit, cross-border payments, and loyalty solutions for consumers and enterprise partners.
Ouro's flagship product Netspend provides prepaid and debit account solutions that connect customers with secure, convenient access to global payment networks so they can manage their money and make everyday purchases. With a nationwide U.S. retail network, customers can purchase and reload Netspend products at 130,000 reload points and over 100,000 distributing locations.
Since Ouro's founding in 1999 by industry pioneers Roy and Bertrand Sosa, Ouro products have processed billions of dollars in transaction volume and served millions of customers worldwide. The company is headquartered in Austin, Texas with regional offices around the world. Learn more at www.ouro.com.
About the Role
We are seeking a seasoned and highly skilled Senior Application Security Engineer with a proven background in penetration testing, threat hunting, cyber threat intelligence, and digital forensics. This senior-level role will focus on securing applications throughout the software development lifecycle (SDLC) while proactively identifying adversarial threats and supporting incident response. You will drive deep technical initiatives that enhance our organization's security maturity, working cross-functionally with development, DevOps, SOC, and compliance teams.
Key Responsibilities:
Application Security & SDLC Integration:
1. Lead and manage Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) efforts using tools like Fortify, Checkmarx, Burp Suite, and Black Duck.
2. Embed security testing into CI/CD pipelines (GitLab, Jenkins) and enforce secure coding practices across engineering teams.
3. Provide technical guidance on threat modeling, secure design, and risk remediation within Agile and DevOps workflows.
4. Develop and maintain custom automation scripts (Python, Bash) for security validation, report generation, and triage workflows.
Penetration Testing & Vulnerability Research:
5. Plan, conduct, and report manual and automated penetration tests against web,
mobile, and API services.
6. Simulate advanced adversarial behavior using red team techniques and tools
(e.g., Burp Suite Pro, OWASP ZAP, Metasploit, Nmap).
7. Research and exploit security vulnerabilities across the application stack; validate
CVEs and 0-days in lab environments.
8. Generate detailed exploit PoCs, attack narratives, and mitigation playbooks for developers and executives.
Threat Intelligence & Hunting:
9. Integrate threat intelligence into vulnerability prioritization and detection engineering using frameworks like MITRE ATT&CK and Kill Chain.
10. Perform proactive threat hunting across logs, WAF telemetry, and behavioral data to identify TTPs indicative of compromise.
11. Write and tune YARA/Sigma detection rules for identifying threats specific to application-layer indicators and attacker infrastructure.
12. Enrich IOCs with contextual intelligence from OSINT, STIX/TAXII, and paid TI platforms (if applicable).
Digital Forensics & Incident Response:
13. Lead forensic investigations for application-layer breaches, using tools such as Volatility, Autopsy, FTK, and The Sleuth Kit.
14. Perform memory, disk, and network traffic analysis to uncover root cause and post-exploitation activity.
15. Participate in IR activities and post-incident reviews to improve detection,containment, and recovery strategies
Minimum Qualifications:
●Bachelor's or Master’s in Computer Science, Cybersecurity, or related field.
●5+ years of experience in application security, penetration testing, or advanced
security engineering roles.
●Strong expertise in SAST, DAST, and SCA tools.
●Hands-on proficiency with manual penetration testing and vulnerability
exploitation.
●Proficiency in Python, Bash, and automation toolchains.
●Experience with CI/CD tools: GitLab, GitHub Actions, Jenkins.
●Excellent communication and mentoring skills.
Preferred Skills & Certifications:
●Knowledge of OWASP Top 10, CWE/SANS Top 25, and secure design patterns.
●Familiarity with SIEM and EDR platforms (e.g., Splunk, SentinelOne,
CrowdStrike).
●Practical understanding of threat intelligence frameworks and IOC enrichment.
●Strong incident response knowledge with hands-on forensic analysis experience.
●Certifications such as:
○OSCP, OSWE, GWAPT (Penetration Testing)
○CISSP, CSSLP (Security Leadership)
○GCTI, GCFA, GNFA (Threat Intel & Forensics)
Preferred Attributes:
●Proactive and analytical thinker with strong attention to detail.
●Passion for mentoring junior engineers and security champions.
●Ability to collaborate effectively across development, infrastructure, and security
operations.
●Commitment to continuous learning in threat trends, tooling, and best practices.
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Ouro, a global leader in financial services and technology, is on the lookout for an innovative and experienced Infosec Engineer to join our vibrant team in Noida. As a Senior Application Security Engineer, you'll play a crucial role in fortifying our applications throughout the software development lifecycle (SDLC). This isn't just a routine job; you'll be deep diving into penetration testing, threat hunting, and enhancing our security measures while working closely with our development, DevOps, SOC, and compliance teams. We're looking for someone who not only understands the complexities of application security but also possesses a passion for mentoring others and sharing knowledge. You'll manage static and dynamic security tests, integrate security practices into CI/CD pipelines, and conduct penetration tests against our web, mobile, and API services. Your ability to synthesize threat intelligence and conduct thorough incident responses will be invaluable as we seek to proactively identify adversarial threats. We value attention to detail and a proactive approach, so your contributions will help shape our security strategy at Ouro. If you’re ready to tackle challenges and drive our organization's security maturity to new heights, we can't wait to meet you!
Join UChicago Medicine as an Inpatient Orders Analyst - Associate in a remote role and help advance healthcare through technology.
Join Associated Students UCLA as a NetSuite Administrator/Developer and play a key role in managing their NetSuite ERP and driving innovative solutions.
Nayya is looking for a Senior Security Risk & Compliance Analyst to lead their governance, risk, and compliance initiatives while enhancing their security posture.
The Director of AI Technology at CyberArk will spearhead the development and scaling of innovative AI capabilities within a cross-functional team.
A leading company is looking for a skilled Senior Business System Analyst to enhance their manufacturing systems and provide actionable insights through Power BI.
Join Egis as an Oracle Administrator where you'll enhance data integrity and quality in a pivotal role for our global consulting efforts.
Join METRO as an IT & Information Security Risk and Compliance Expert and take the lead in managing IT risks in a dynamic global environment.
Join Intersec in La Défense as a Tech Support Technician, where you'll support our engineering team and enhance our IT infrastructure.
Netspend & Rêv come together to be the most innovative & accessible company in financial services, focused on helping consumers around the world manage and get more value for their money.
36 jobs
Subscribe to Rise newsletter
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
Sign up for our weekly
newsletter of fresh jobs
