Oh Snap!
This job is no longer active - but you can still view the details below.

Application Security Analyst

| Chicago

Who We Are

Origami Risk is a wildly successful Enterprise Software as a Service growing at an exceptional rate. Origami has been consistently ranked the #1 Risk Management Information System (RMIS) in the industry’s most comprehensive studies for the past 5 years. Founded by industry veterans committed to bringing new ideas and advanced features to the RMIS market, Origami Risk’s innovative software is designed with the latest technology and a focus on performance and ease-of-use and is supported by industry experts. It features powerful workflow, advanced reporting and analysis tools, and intuitive features to improve productivity and better manage Total Cost of Risk—saving our clients time and money and enabling them to be more successful.

Making a Difference

We have an immediate opening for an Application Security Analyst to join our growing Security Operations team.

As an Application Security Analyst, you will be a member of the Security Team, helping drive the continuous evolution of Origami Risk's Secure Development Lifecycle while addressing ever-evolving cyber security threats to the Origami Risk SaaS Platform. This individual will be responsible for identifying new platform vulnerabilities, managing vulnerability detection processes, and developing automations to assist in vulnerability management and DevSecOps strategies. This individual will also work closely with our development teams to help define application security best practices, perform software architecture and design reviews, conduct black box and white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across Origami Risk SaaS platform.

Tasks and Responsibilities:

  • Perform manual and automated scanning and security analysis of the Origami Risk SaaS platform; identify threats, vulnerabilities, and risks to the business

  • Use Security/Threat Intelligence feeds to improve indicators of compromise

  • Work with DevOps teams during the application development process to adopt secure design and coding practices

  • Respond to security incidents to include the collection, preservation, and analysis of forensic evidence

  • Proactively identify, triage and address security flaws, threats, and vulnerabilities

  • Participate in Security Operations and Support for a virtualized public cloud environment

  • Participate in risk and security assessments based on Governance, Risk and Compliance requirements

Qualifications:

  • Bachelor’s degree in Engineering, Information Security, Information Assurance, Network Security or related field

  • 5 years’ information security experience with a minimum of 3 years in an application security role

  • Knowledge of secure coding principles and best practices for web applications

  • Extensive knowledge of common application vulnerabilities, attack techniques, and remediation tactics and strategies

  • Experience with commercial and open source security solutions such as AppSpider, Burp Suite, Metasploit, Nexpose, Paros, Samurai WTF, and Kali Linux

  • Experience performing automated and manual vulnerabilities assessments of web applications based on methodologies such as OWASP and WASC

  • Knowledge of firewalls, IDS/IPS, centralized anti-virus solutions, patch management, data encryption, and cryptography techniques

  • Additional Skills, Experience, and Certifications:

  • Experience securing public cloud environments such as Amazon AWS, GCP or Microsoft Azure

  • Technical knowledge of Software Defined Networking

  • Experience with NIST 800-53, NIST 800-190, NIST 800-163, FISMA & FedRAMP compliance, and ISO 27001/2 security controls

  • Experience with SSAE 16/18 SOC audits

  • Relevant security certifications (i.e., GWEB, GCWN, CSSLP, OSWE, CASE)

  • Working knowledge of security frameworks, development, test, and deployment models

  • Experience with software development lifecycle (SDLC) methodologies such as Agile, DevSecOps

Clearance Requirements:

Applicants selected will be subject to a background check, a government security investigation and must meet eligibility requirements to be considered for the position. Authorized to work in the United States.

Origami Risk is a drug-free work place. Equal Opportunity Employer M/F/D/V

Read Full Job Description
Apply now
loading ...
Emailed