Application Security Engineer
We have an immediate opening for an Application Security Engineer to join our Application Security team. As a member of Origami's Application Security team, you will help drive the continuous evolution of Origami Risk's Secure Development Lifecycle while addressing ever-evolving cyber security threats to the Origami Risk SaaS Platform. This individual will assist in identifying new platform vulnerabilities, managing vulnerability detection processes, and developing automations to assist in vulnerability management. This role will work closely with our development teams to help define application security best practices, perform software architecture and design reviews, conduct black box and white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across the Origami Risk SaaS platform.
Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.
Responsibilities
- Perform manual and automated scanning and security analysis of the Origami Risk SaaS platform including identifying threats, vulnerabilities, and risks to the business
- Work with Development teams during the application development process to adopt secure design and coding practices
- Respond to security incidents to include the collection, preservation, and analysis of forensic evidence
- Proactively identify, triage and address security flaws, threats, and vulnerabilities
- Participate in risk and security assessments based on Governance, Risk and Compliance requirements
Qualifications
- 3+ years of application security experience
- Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience
- Experience with attack and mitigation methods, Web application and browser security, security assessments and penetration testing
- Solid understanding of common web application technologies, languages, and frameworks
- Thorough knowledge of common software vulnerabilities and a strong understanding of methods to identify and remediate vulnerabilities
- Experience with at least one high-level language (i.e. Python, Ruby, etc.)
- Knowledge of secure coding principles and best practices for web applications
- Experience with commercial and open-source web application testing tools for SAST, DAST, IAST, and RASP, and analysis tools
- Experience with multiple programming languages (such as .NET, Python, etc.)
- Experience performing automated and manual vulnerabilities assessments of web applications based on methodologies such as OWASP and WASC
- Knowledge of authentication and access control, security monitoring and intrusion detection, data encryption, and cryptography techniques
- Experience securing public cloud environments such as Amazon AWS, GCP or Microsoft Azure
- Ability to scale security within the SDLC through automation
- Relevant security certifications (i.e., GWEB, GCWN, CSSLP, OSWE, CASE)
- Experience with software development lifecycle (SDLC) methodologies such as Agile, DevSecOps
Who we are
Origami Risk is a leading provider of integrated SaaS solutions for risk management, insurance, safety, and compliance. We've designed our single-platform, cloud-based software to be easily configurable to meet the needs of insured corporate and public entities, brokers and risk consultants, insurers and MGAs, third party claims administrators (TPAs), risk pools, and more. To fulfill our singular focus of helping our clients achieve their business objectives, our software is supported by a best-in-class service team of experienced risk, insurance, and safety professionals who have an ideal balance of industry knowledge and technological expertise.
Since its founding in 2009, Origami Risk has received more than two dozen awards for service excellence, technology innovation, and workplace culture. In addition to inclusion in Deloitte's Technology Fast 500™, a ranking of the 500 fastest-growing tech companies in North America, Origami Risk also has been repeatedly recognized by Inc. magazine as one of the "Best Places to Work" and Best and Brightest® Companies To Work For in the Nation by the National Association for Business Resources (NABR).