Product Security Engineer

Origami Risk is a company that delivers single-platform SaaS solutions for risk management. The Offensive Product Security Engineer will safeguard products by identifying and mitigating security vulnerabilities through assessments like penetration testing and threat modeling.

Responsibilities:

• Conduct advanced penetration testing and vulnerability assessments on our products and infrastructure
• Develop and deploy realistic attacks to test security defenses
• Develop and maintain security documentation, including policies, procedures, and guidelines
• Carry out controlled attacks to evade detection, simulate real-world attacks to exploit potential weaknesses
• Prepare and deliver technical reports to internal stakeholders
• Perform vulnerability assessments, triage and provide prescriptive remediation for identified vulnerabilities
• Assist in incident response and forensic analysis when security incidents occur
• Collaborate with development teams to integrate security best practices into the software development lifecycle
• Stay current on exploitation and post-exploitation techniques and incorporate them into the penetration testing
• Other duties as assigned

Requirements:

• Bachelor's or master's degree in computer science, Information Security, or a related field
• 4+ years of experience in information security with focus on application and cloud security
• 2+ years of hands-on experience in offensive security, including exploit development, vulnerability research, and penetration testing
• Strong knowledge of penetration testing methodologies and tools (e.g., Metasploit, Burp Suite, Nmap, MITRE)
• Proficient in performing adversary simulation attacks, red team experience
• Proficient in active directory, OSINT, networking technologies
• Proficiency in scripting and programming languages (e.g., Python, Java, C++)
• Familiarity with cloud security (e.g., AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes)