Product Security Engineer (Defensive)

The Product Security Engineer helps drive the continuous evolution of Origami Risk's secure development lifecycle via a combination of supportive tooling capabilities and hands-on architecture partnership with our Development and Services organizations.

Starting base pay for this role is between $122,000 and $145,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states).

• Perform security reviews of the architecture and design of the cloud-based SaaS application to ensure it aligns with best practices for secure coding and cloud security guidelines
• Provide prescriptive security requirements
• Promote and practice security by design principles
• Conduct threat modeling and risk assessments to identify potential security vulnerabilities and threats
• Perform manual code reviews and automated scanning of key components for security improvements
• Work with cross-functional teams to integrate security into the development lifecycle
• Provide training and guidance on security best practices
• Assist in key security initiatives or projects within product security
• Advise teams on best practices for securing AI systems and cloud environments
• Ensure the application complies with relevant security standards and regulations, such as GDPR, HIPAA, and SOC2
• Respond to security incidents to include the collection, preservation, and analysis of forensic evidence
• Stay updated on the latest security threats and trends in AI and cloud computing
• Other duties as assigned

• Bachelor's degree in computer science or a related technical field, or equivalent practical experience
• Minimum of four years of experience in the information security industry
• Industry certifications such as CEH, CISSP, GDSA or any cloud security certifications preferred
• Minimum of two years of experience in two or more of the following areas: threat modeling, cloud security, software development, secure code reviews, secure architecture
• Prior experience with securing AI systems preferred
• Experience in cloud security (Azure, AWS, or GCP) along with securing cloud architecture is preferred
• Experience with scripting or programming languages such as C#, Python, Javascript, React
• Hands on experience with SAST and DAST tools such as Snyk, Veracode, Checkmarx, Burpsuite
• Familiarity with common information security, data protection frameworks and standards such as NIST 800-53, MITRE, OWASP Top 10, GDPR
• Experience with securing CI/CD pipelines (e.g., GitHub Actions, Jenkins, CircleCI, TeamCity, Azure DevOps).

Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem — from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app.

Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais’ event-based architecture enables AI-driven bundling, automation, and real-time deployment.

Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions.