Senior Production Security Engineer

Overview

The Senior Production Security Engineer is responsible for ensuring the security and integrity of Origami’s cloud environments and driving collaboration for cross-functional security initiatives and process improvements. This person develops, implements and improves security measures in our production environments to protect against cyber threats and safeguard sensitive information through automation and orchestration, and also collaborates with other business units in promoting the security culture across the organization.

Starting base pay for this role is between $145,000 and $175,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states).

Responsibilities

• Collaborates with DevOps Engineers, Site Reliability Engineers, and other team members to automate cloud infrastructure security, including network security, identity and access management (IAM), configuration management, and encryption.
• Collaborates with the Information Security team to ensure security best practices are integrated into all aspects of the cloud and security controls are compliant with established security standards such as CIS, NIST, GDPR, ISO 27001 and others.
• Leads deployment and implementation of information security tools, including SIEM, system monitors, access control, and other specific cloud security controls.
• Audits and ensures customer data confidentiality, integrity, and availability in our cloud environment through encryption, access controls, data loss prevention (DLP), and other data protection measures.
• Conducts security assessments to identify vulnerabilities or misconfigurations and recommend mitigation strategies.
• Validates network flows and architecture to ensure secure and efficient operations.
• Manages access control and identity management, monitors and responds to security incidents and breaches.
• Stays current with the latest security trends, technologies, and regulatory requirements.
• Other duties as assigned.

Qualifications

• Bachelor’s Degree, ideally in Computer Science, Information Technology, or similar required.
• 5+ years of production security operations experience at a cloud IaaS/SaaS provider, with hands-on experience across multiple domains (e.g. Application CICD, Cloud Infrastructure, Endpoint Management/Defense, Information Security reporting and compliance products, posture management, etc.
• Comfortable with Linux, Windows, and Cloud Provider command line interfaces/tools and scripting languages
• Experience with Cloud Security Alliance (CSA), FISMA & FedRAMP compliance, ISO 27001/2 and NIST 800-53 security controls and SSAE18 SOC audits
• Motivated self-starter capable of both working independently and also collaborating with other team members while keeping their attention to detail
• Strong analytical and problem-solving skills for venturing into the uncertainty to map and forecast future production areas for improvement

Preferred Qualifications:

• 2+ years of experience securing public cloud environments preferred (ideally on AWS, Okta, Wiz, SumoLogic, etc.) 
• Experience with DevOps methodologies and tools such as Terraform, GIT, Ansible, etc. preferred.
• Technical certifications are a strong plus e.g., AWS Security, CISSP, CCSP, etc.
• Motivated self-starter capable of both working independently and also collaborating with other team members while keeping their attention to detail
• Has strong analytical and problem-solving skills for venturing into the uncertainty to map and forecast future production areas for improvement

Who We Are

Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem — from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app. 

Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais’ event-based architecture enables AI-driven bundling, automation, and real-time deployment. 

Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions. 

Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.

Caution: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with origamirisk.com or talent.icims.com. And to confirm the legitimacy of any recruiting communication, feel free to email transparencycheck@origamirisk.com.