Origami Risk is a wildly successful Enterprise Software as a Service growing at an exceptional rate. Origami has been consistently ranked the #1 Risk Management Information System (RMIS) in the industry’s most comprehensive study for the past 3 years. Founded by industry veterans committed to bringing new ideas and advanced features to the RMIS market, Origami Risk’s innovative software is designed with the latest technology and a focus on performance and ease-of-use. It features powerful workflow, advanced reporting and analysis tools, and intuitive features to improve productivity and better manage Total Cost of Risk—saving our clients time and money and enabling them to be more successful.
Making a Difference
We have an immediate opening for a Senior Security Engineer to join our growing IT Operations team. The position will be based in our Chicago, IL headquarters.
As a Sr. Security Engineer the work will encompass day-to-day security operations focused on maintaining the confidentiality, integrity and availability of the Origami Service while addressing ever evolving cyber security threats. This individual will research, develop, deploy and maintain security solutions that ensure proper defense-in-depth practices are applied.
The ideal candidate will be an experienced security practitioner with a wide range of experience in the Information Technology and Information Security disciplines and an ability to operate in a dynamic ever changing environment.
- Security Operations and Support for a virtualized public cloud environment to include Windows & Linux Servers, MSSQL, Active Directory, File Servers, DNS, FTP, NAS, Load Balancers
- Administration of security infrastructure and services to include WAF, SIEM, Host & Network IDS/IPS, DLP, Unified Identity Management
- Respond to security incidents to include the collection, preservation and analysis of forensic evidence
- Enhance and Implement security solutions and configurations that meet compliance requirements
- Use Security/Threat Intelligence feeds to improve indicators of compromise
- Proactively identify and address security flaws, threats and vulnerabilities across the entire organization
- Enhance the information security continuous monitoring program and capabilities to identify, and alert to threats, vulnerabilities, and non-compliance
- Evaluate and deploy patches, updates and configuration changes
- Develop, document and update policies and procedures to ensure security focused maintenance activities are followed
- Participate in risk and security assessments based on Governance, Risk and Compliance requirements
- Bachelor’s degree or equivalent experience
- 10 years’ information technology experience with a minimum of 4 years in an information security role
- Knowledge of public cloud security concepts and practices in addition to traditional confidentiality, integrity and availability security principles
- Knowledge of firewalls, intrusion detection and prevention systems, centralized anti-virus solutions, patch management, data encryption and cryptography techniques
- Knowledge with assessing and mitigating vulnerabilities in web-based systems based on methodologies such as OWASP
- Demonstrated experience in analytical thinking and problem solving with the ability to develop and implement creative solutions
- Experience implementing network security architecture, incident response, root cause analysis, and malware detection solutions
- Proficient experience and understanding of adversarial tactics, techniques and response mitigation procedures
- Motivated self-starter capable of working independently while also collaborating with other team members
Additional Skills and Experience:
- Hands-on experience with Amazon
- Advanced technical knowledge of Software Defined Networking, Microsoft and Linux Servers
- Experience with FISMA compliance and NIST 800-53 security controls
- Experience with SSAE 16/SOC audits
- Relevant security certifications (i.e. CompTIA Security+, CASP, SSCP, CEH, GSEC)
- Experience or working knowledge of security frameworks, development, test and deployment models
- Experience with software development lifecycle (SDLC) methodology
Applicants selected will be subject to a background check, a government security investigation and must meet eligibility requirements to be considered for the position. Accordingly, U.S. Citizenship is required.