Infosec engineer

About the Company:

Ouro is a global, vertically-integrated financial services and technology company dedicated to the delivery of innovative financial empowerment solutions to consumers worldwide. Ouro’s financial products and services span prepaid, debit, cross-border payments, and loyalty solutions for consumers and enterprise partners.

Ouro's flagship product Netspend provides prepaid and debit account solutions that connect customers with secure, convenient access to global payment networks so they can manage their money and make everyday purchases. With a nationwide U.S. retail network, customers can purchase and reload Netspend products at 130,000 reload points and over 100,000 distributing locations.

Since Ouro's founding in 1999 by industry pioneers Roy and Bertrand Sosa, Ouro products have processed billions of dollars in transaction volume and served millions of customers worldwide. The company is headquartered in Austin, Texas with regional offices around the world. Learn more at www.ouro.com.

About the Role

We are seeking a seasoned and highly skilled Senior Application Security Engineer with a proven background in penetration testing, threat hunting, cyber threat intelligence, and digital forensics. This senior-level role will focus on securing applications throughout the software development lifecycle (SDLC) while proactively identifying adversarial threats and supporting incident response. You will drive deep technical initiatives that enhance our organization's security maturity, working cross-functionally with development, DevOps, SOC, and compliance teams.

Key Responsibilities:

Application Security & SDLC Integration:

1. Lead and manage Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) efforts using tools like Fortify, Checkmarx, Burp Suite, and Black Duck.

2. Embed security testing into CI/CD pipelines (GitLab, Jenkins) and enforce secure coding practices across engineering teams.

3. Provide technical guidance on threat modeling, secure design, and risk remediation within Agile and DevOps workflows.

4. Develop and maintain custom automation scripts (Python, Bash) for security validation, report generation, and triage workflows.

Penetration Testing & Vulnerability Research:

5. Plan, conduct, and report manual and automated penetration tests against web, 

mobile, and API services.

6. Simulate advanced adversarial behavior using red team techniques and tools 

(e.g., Burp Suite Pro, OWASP ZAP, Metasploit, Nmap).

7. Research and exploit security vulnerabilities across the application stack; validate

CVEs and 0-days in lab environments.

8. Generate detailed exploit PoCs, attack narratives, and mitigation playbooks for developers and executives.

Threat Intelligence & Hunting:

9. Integrate threat intelligence into vulnerability prioritization and detection engineering using frameworks like MITRE ATT&CK and Kill Chain.

10. Perform proactive threat hunting across logs, WAF telemetry, and behavioral data to identify TTPs indicative of compromise.

11. Write and tune YARA/Sigma detection rules for identifying threats specific to application-layer indicators and attacker infrastructure.

12. Enrich IOCs with contextual intelligence from OSINT, STIX/TAXII, and paid TI platforms (if applicable).

Digital Forensics & Incident Response:

13. Lead forensic investigations for application-layer breaches, using tools such as Volatility, Autopsy, FTK, and The Sleuth Kit.

14. Perform memory, disk, and network traffic analysis to uncover root cause and post-exploitation activity.

15. Participate in IR activities and post-incident reviews to improve detection,containment, and recovery strategies

Minimum Qualifications:

●Bachelor's or Master’s in Computer Science, Cybersecurity, or related field.

●5+ years of experience in application security, penetration testing, or advanced 

security engineering roles.

●Strong expertise in SAST, DAST, and SCA tools.

●Hands-on proficiency with manual penetration testing and vulnerability 

exploitation.

●Proficiency in Python, Bash, and automation toolchains.

●Experience with CI/CD tools: GitLab, GitHub Actions, Jenkins.

●Excellent communication and mentoring skills.

Preferred Skills & Certifications:

●Knowledge of OWASP Top 10, CWE/SANS Top 25, and secure design patterns.

●Familiarity with SIEM and EDR platforms (e.g., Splunk, SentinelOne, 

CrowdStrike).

●Practical understanding of threat intelligence frameworks and IOC enrichment.

●Strong incident response knowledge with hands-on forensic analysis experience.

●Certifications such as:

○OSCP, OSWE, GWAPT (Penetration Testing)

○CISSP, CSSLP (Security Leadership)

○GCTI, GCFA, GNFA (Threat Intel & Forensics)

Preferred Attributes:

●Proactive and analytical thinker with strong attention to detail.

●Passion for mentoring junior engineers and security champions.

●Ability to collaborate effectively across development, infrastructure, and security

operations.

●Commitment to continuous learning in threat trends, tooling, and best practices.