Product Security Engineer (Defensive)

Overview:

The Product Security Engineer helps drive the continuous evolution of Origami Risk's secure development lifecycle via a combination of supportive tooling capabilities and hands-on architecture partnership with our Development and Services organizations.

Starting base pay for this role is between $122,000 and $145,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states).

• Perform security reviews of the architecture and design of the cloud-based SaaS application to ensure it aligns with best practices for secure coding and cloud security guidelines
• Provide prescriptive security requirements
• Promote and practice security by design principles
• Conduct threat modeling and risk assessments to identify potential security vulnerabilities and threats
• Perform manual code reviews and automated scanning of key components for security improvements
• Work with cross-functional teams to integrate security into the development lifecycle
• Provide training and guidance on security best practices
• Assist in key security initiatives or projects within product security
• Advise teams on best practices for securing AI systems and cloud environments
• Ensure the application complies with relevant security standards and regulations, such as GDPR, HIPAA, and SOC2
• Respond to security incidents to include the collection, preservation, and analysis of forensic evidence
• Stay updated on the latest security threats and trends in AI and cloud computing
• Other duties as assigned

• Bachelor's degree in computer science or a related technical field, or equivalent practical experience
• Minimum of four years of experience in the information security industry
• Industry certifications such as CEH, CISSP, GDSA or any cloud security certifications preferred
• Minimum of two years of experience in two or more of the following areas: threat modeling, cloud security, software development, secure code reviews, secure architecture
• Prior experience with securing AI systems preferred
• Experience in cloud security (Azure, AWS, or GCP) along with securing cloud architecture is preferred
• Experience with scripting or programming languages such as C#, Python, Javascript, React
• Hands on experience with SAST and DAST tools such as Snyk, Veracode, Checkmarx, Burpsuite
• Familiarity with common information security, data protection frameworks and standards such as NIST 800-53, MITRE, OWASP Top 10, GDPR
• Experience with securing CI/CD pipelines (e.g., GitHub Actions, Jenkins, CircleCI, TeamCity, Azure DevOps).

Additional Qualifications:

• You thrive in an environment encouraging a broad, collaborative impact, with outcomes prioritized above outputs and org charts 
• You foster credibility and collaboration with technical stakeholders by mapping security control requirements to practical solutions for various technologies 
• You are biased to action at speed, comfortable with ambiguity, and able to distill complexity to clarity across varied technical disciplines 
• You recognize the magic of facilitating people with diverse talents, perspectives, and technical backgrounds in accomplishing great things together 

Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem — from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app. 

Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais’ event-based architecture enables AI-driven bundling, automation, and real-time deployment. 

Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions. 

Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.

Caution: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with origamirisk.com or talent.icims.com. And to confirm the legitimacy of any recruiting communication, feel free to email transparencycheck@origamirisk.com.