Product Security Engineer

Origami Risk is a company that delivers single-platform SaaS solutions for risk management. As an Offensive Product Security Engineer, you will identify and mitigate security vulnerabilities through comprehensive assessments and testing, ensuring the resilience of products against potential attacks.

Responsibilities:

• Conduct advanced penetration testing and vulnerability assessments on our products and infrastructure
• Develop and deploy realistic attacks to test security defenses
• Develop and maintain security documentation, including policies, procedures, and guidelines
• Carry out controlled attacks to evade detection, simulate real-world attacks to exploit potential weaknesses
• Prepare and deliver technical reports to internal stakeholders
• Perform vulnerability assessments, triage and provide prescriptive remediation for identified vulnerabilities
• Assist in incident response and forensic analysis when security incidents occur
• Collaborate with development teams to integrate security best practices into the software development lifecycle
• Stay current on exploitation and post-exploitation techniques and incorporate them into the penetration testing
• Other duties as assigned

Requirements:

• Bachelor's or master's degree in computer science, Information Security, or a related field
• 4+ years of experience in information security with focus on application and cloud security
• 2+ years of hands-on experience in offensive security, including exploit development, vulnerability research, and penetration testing
• Strong knowledge of penetration testing methodologies and tools (e.g., Metasploit, Burp Suite, Nmap, MITRE)
• Proficient in performing adversary simulation attacks, red team experience
• Proficient in active directory, OSINT, networking technologies
• Proficiency in scripting and programming languages (e.g., Python, Java, C++)
• Familiarity with cloud security (e.g., AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes)