Cloud Security Engineer
Who We Are
Origami Risk is a wildly successful provider of integrated SaaS solutions for the risk and insurance industry—from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. Origami Risk delivers a full suite of risk management and insurance core system solutions from a single secure, cloud-based platform. A singular focus on helping clients achieve their business objectives underlies Origami Risk’s approach to developing, implementing, and supporting our technology solutions.
Founded in 2009 by Risk Management Information System (RMIS) industry veterans, over the past decade Origami Risk has received more than two dozen awards for service excellence, technology innovation, and workplace culture. In addition to inclusion in Deloitte’s Technology Fast 500™, a ranking of the 500 fastest-growing tech companies in North America, Origami Risk also has been repeatedly recognized by Inc. magazine as one of the “Best Places to Work” and Best and Brightest® Companies To Work For in the Nation by the National Association for Business Resources (NABR).
Making a Difference
We have an immediate opening for a Cloud Security Engineer to join our growing Security Operations team.
As a Cloud Security Engineer, the work will encompass day-to-day security operations focused on maintaining the confidentiality, integrity, and availability of the Origami Risk Service while addressing ever-evolving cyber security threats. This individual will establish best-practices and execute critical cyber security operations activities while maintaining proper defense-in-depth practices throughout the operating environment.
The ideal candidate will have experience working as a security practitioner with a wide range of experience in Information Security, Cloud Architecture, and Information Technology disciplines as well as an ability to operate in a dynamic ever-changing environment.
Tasks and Responsibilities:
- Design, deploy, manage and improve critical security infrastructure services and tools to include encryption, access control, PKI, secrets management, detection, and vulnerability management
- Analyze the latest attacker techniques and develop approaches to detect them across the company's cloud environments and endpoints.
- Improve, drive, and communicate change, supporting a DevSecOps methodology within the organization.
- Participate in the planning and implementation of all processes related to continuous integration, continuous delivery, and process automation.
- Act as the technical cloud security SME to meet current and future security design and architecture requirements for XaaS implementations.
- Conduct compliance reviews on both internal cloud infrastructure and within our internal colleague environments.
- Provide daily oversight of security operations, to include the security impact analysis of proposed system modifications and implementations.
- Monitor information security tools, including SIEM, system monitors, access control, and other specific cloud security controls
- Respond to information system security incidents related to computer-based attacks, unauthorized access, and policy breaches
- Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals between technical and non-technical personnel
- Mentor team members on cloud security solutions and best practices as well as assist in the development and training of others
- Bachelor’s degree or equivalent experience
- 5 years’ information security experience with a minimum of 2 years in a cloud security role
- Knowledge of firewalls, IDS/IPS, centralized anti-virus solutions, patch management, data encryption, and cryptography techniques
- Experience using SIEM and/or Security analytics systems
- Hands-on experience with commercial and open source security solutions such as Burp Suite, Metasploit, Nexpose, Nessus, and Kali Linux
- Experience with incident response, root cause analysis, and malware detection solutions with an understanding of adversarial tactics, techniques and response mitigation procedures
- Motivated self-starter capable of working independently while also collaborating with other team members
Additional Skills, Experience, and Certifications:
- Experience securing public cloud environments such as Amazon AWS, GCP or Microsoft Azure
- Technical knowledge of Software Defined Networking
- Experience with one or more scripting language such as Python
- Experience with Cloud Security Alliance (CSA), FISMA & FedRAMP compliance, ISO 27001/2 and NIST 800-53 security controls
- Experience with SSAE 16/18 SOC audits
- Relevant security certifications (i.e. CompTIA Security+, GIAC, GSEC, OSCP, CEH)
- Working knowledge of security frameworks, development, test, and deployment models
- Experience with secure software development lifecycle (SDLC) methodologies such as Agile, DevOps
US citizen work authorization required.
Origami Risk is a drug-free work place. Equal Opportunity Employer M/F/D/V