Senior Security Engineer

Overview:

The Senior Security Engineer is a key contributor to leading security initiatives supporting the Origami Risk SaaS platform through designing security tool implementations, security process improvements, and increasing security operational capacity through automation and orchestration. You will work cross-functionally with Development, Cloud Operations, and Product teams to ensure we deliver a secure, highly reliable, and scalable solution to our customers.

We are seeking a highly skilled and experienced Senior Security Engineer with a strong background in cloud security. The ideal candidate will have hands-on experience in designing, implementing, and managing security solutions in cloud environments. This role requires a deep understanding of cloud security best practices, threat modeling, and risk management.

Starting base pay for this role is between $145,000 and $175,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states).

• Designs and reviews robust security architectures for cloud-based systems.
• Develops and enforces security policies, procedures, and standards.
• Conducts security assessments and audits to identify vulnerabilities/misconfigurations and recommends mitigation strategies.
• Collaborates with cross-functional teams to integrate security into the development lifecycle.
• Monitors and responds to security incidents and breaches.
• Stays up to date with the latest security trends, threats, and technologies.
• Uses analytical skills against loosely defined requirements to develop clarifying questions for shaping project tasks.
• Collaborates with other security team members and participates in Red Team/Blue Team exercises.
• Conducts comprehensive network and security assessments of cloud environments to identify vulnerabilities, misconfigurations, and compliance gaps.
• Ensures network security best practices are implemented and maintained across all platforms.
• Works closely with DevOps Engineers and Site Reliability Engineers to design, implement, and manage security controls and technologies on public cloud platforms (e.g., AWS, Azure, Google Cloud), such as identity and access management (IAM), encryption, key management, and network security controls.
• Assists in developing, auditing, and implementing security policies and procedures, and the review of security controls to ensure compliance with established security standards such as CIS, NIST, GDPR, ISO 27001 and others.
• Provides mentorship and guidance to junior security engineers, aiming to help enhance overall skillset, scope upcoming projects, and support an agile approach.
• Other duties as assigned.

• Bachelor’s degree or equivalent experience
• 5+ years’ experience in information security with a minimum of 3 years in a cloud security role
• Knowledge of and experience with cloud platforms such as AWS, Azure, or Google Cloud.
• Proficiency in security tools and technologies, including firewalls, intrusion detection/prevention systems, and SIEM solutions.
• Experience with threat modeling, risk assessment, and vulnerability management.
• Excellent problem-solving skills and attention to detail.
• Experience securing public cloud environments.
• Experience with Cloud Security Posture Management (CSPM), EDR/EXR, and Vulnerability Management solutions. (e.g., Prisma Cloud, Wiz, Qualys, CrowdStrike)
• Comfortable with Linux, Windows, and Cloud Provider CLIs.
• Self-motivated individual with the ability to leverage technical skills and correlate data to streamline analysis quickly and effectively.
• Strong communication and collaboration skills.
• Relevant certifications such as CISSP, CISM, or AWS Certified Security Specialty are a plus.

Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem — from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app. 

Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais’ event-based architecture enables AI-driven bundling, automation, and real-time deployment. 

Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions. 

Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.

Caution: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with origamirisk.com or talent.icims.com. And to confirm the legitimacy of any recruiting communication, feel free to email transparencycheck@origamirisk.com.