Senior Security Engineer

The Senior Security Engineer is a key contributor to leading security initiatives supporting the Origami Risk SaaS platform through designing security tool implementations, security process improvements, and increasing security operational capacity through automation and orchestration. You will work closely with internal development, operations, and product teams to ensure we deliver a secure, highly reliable, and scalable solution to our customers.
Starting base pay for this role is between $145,000 and $175,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states).

• Mentor team members and help to scope upcoming projects and support agile approaches to work management.
• Use analytical skills against loosely defined requirements to develop clarifying questions for shaping project tasks.
• Experience in leading or participating in Red Team/Blue Team exercises.
• Conduct comprehensive network and security assessments of cloud environments to identify vulnerabilities, misconfigurations, and compliance gaps.
• Ensure network security best practices are implemented and maintained across all platforms.
• Work closely with DevOps Engineers and Site Reliability Engineers to design, implement, and manage security controls and technologies on public cloud platforms (e.g., AWS, Azure, Google Cloud), such as identity and access management (IAM), encryption, key management, and network security controls.
• Familiarity with firewall, email security, Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and security automation tools and methodologies.
• Collaborate with Compliance and Product Security teams to build a robust vulnerability management program using automations and workflows to drive timely remediations, with focus on increasing visibility with reporting and metrics.
• Assist in developing, auditing, and implementing security policies and procedures, and the review of security controls to ensure compliance with established security standards such as CIS, NIST, GDPR, ISO 27001 and others.
• Stay abreast of emerging trends, threats, and security technologies in public cloud environments, and proactively recommend and implement measures to mitigate risks.

• BS in computer science, networking, information systems, or computer engineering with 5+ years' experience in security engineering.
• Minimum of two years' experience in the design, implementation, support, and evaluation of security-focused tools and services.
• Minimum of two years' experience in risk management for Cloud Architectures.
• Minimum of two years' experience with three or more of the following areas: cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments.
• Strong analytical background with the ability to assess risks and identify vulnerabilities in infrastructure with an eagerness to suggest new processes, policies, and overall improvements to internal security controls.
• Experience with securing Infrastructure as Code (IaC) and CI/CD pipelines.
• Experience with Cloud Security Posture Management (CSPM), EDR/EXR, and Vulnerability Management solutions. (e.g., Prisma Cloud, Wiz, Qualys, Crowdstrike)
• Comfortable with Linux, Windows, and Cloud Provider CLIs.
• Experience with scripting and programming languages such as Python, Bash, PowerShell, etc.
• Self-motivated individual with the ability to leverage technical skills and correlate data to streamline analysis quickly and effectively.
• Industry Certifications such as CISSP, GPEN, GXPN, OSCP, GCIA, GSEC, GREM.
• Cloud Security Certifications such as CCSP, CCAK, CCSK, AWS Certified Security Specialty is preferred.

Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem - from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app.
Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais' event-based architecture enables AI-driven bundling, automation, and real-time deployment.
Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions.
Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.
: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with origamirisk.com or talent.icims.com. And to confirm the legitimacy of any recruiting communication, l feel free to email [email protected].