Application Security Analyst
Who We Are
Origami Risk is a wildly successful Enterprise Software as a Service company growing at an exceptional rate. Origami has been consistently ranked the #1 Risk Management Information System (RMIS) in the industry’s most comprehensive studies for the past 5 years. Founded by industry veterans committed to bringing new ideas and advanced features to the RMIS market, Origami Risk’s innovative software is designed with the latest technology and a focus on performance and ease-of-use and is supported by industry experts. It features powerful workflow, advanced reporting and analysis tools, and intuitive features to improve productivity and better manage Total Cost of Risk—saving our clients time and money and enabling them to be more successful.
Making a Difference
We have an immediate opening for an Application Security Analyst to join our growing Security Operations team.
As an Application Security Analyst, you will be a member of the Security Team, helping drive the continuous evolution of Origami Risk's Secure Development Lifecycle while addressing ever-evolving cyber security threats to the Origami Risk SaaS Platform. This individual will be responsible for identifying new platform vulnerabilities, managing vulnerability detection processes, and developing automations to assist in vulnerability management and DevSecOps strategies. This individual will also work closely with our development teams to help define application security best practices, perform software architecture and design reviews, conduct black box and white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across the Origami Risk SaaS platform.
Tasks and Responsibilities:
Perform manual and automated scanning and security analysis of the Origami Risk SaaS platform; identify threats, vulnerabilities, and risks to the business
Use Security/Threat Intelligence feeds to improve indicators of compromise
Work with DevOps teams during the application development process to adopt secure design and coding practices
Respond to security incidents, including the collection, preservation, and analysis of forensic evidence
Proactively identify, triage and address security flaws, threats, and vulnerabilities
Participate in Security Operations and Support for a virtualized public cloud environment
Participate in risk and security assessments based on Governance, Risk and Compliance requirements
Qualifications:
Bachelor’s degree in Engineering, Information Security, Information Assurance, Network Security or related field
5 years’ information security experience with a minimum of 3 years in an application security role
Knowledge of secure coding principles and best practices for web applications
Extensive knowledge of common application vulnerabilities, attack techniques, and remediation tactics and strategies
Experience with commercial and open source security solutions such as AppSpider, Burp Suite, Metasploit, Nexpose, Paros, Samurai WTF, and Kali Linux
Experience performing automated and manual vulnerability assessments of web applications based on methodologies such as OWASP and WASC
Knowledge of firewalls, IDS/IPS, centralized anti-virus solutions, patch management, data encryption, and cryptography techniques
Additional Skills, Experience, and Certifications:
Experience securing public cloud environments such as Amazon AWS, GCP or Microsoft Azure
Technical knowledge of Software Defined Networking
Experience with NIST 800-53, NIST 800-190, NIST 800-163, FISMA & FedRAMP compliance, and ISO 27001/2 security controls
Experience with SSAE 16/18 SOC audits
Relevant security certifications (e.g., GWEB, GCWN, CSSLP, OSWE, CASE)
Working knowledge of security frameworks, development, test, and deployment models
Experience with software development lifecycle (SDLC) methodologies such as Agile and DevSecOps
Clearance Requirements:
Applicants selected will be subject to a background check and a government security investigation, and must meet eligibility requirements to be considered for the position. Applicants must be authorized to work in the United States.
Origami Risk is a drug-free workplace. Equal Opportunity Employer M/F/D/V