Security Engineer (Information Security)

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders’ cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell’s underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes.

Founded in 2019, Cowbell is based in the San Francisco Bay Area with employees across the U.S., Canada, and the U.K. and is backed by over 15 A.M. Best A- or higher rated reinsurance partners.

In support of our rapid growth, we are actively looking for ambitious people, who are not afraid of hard-work and never shy away from taking calculated risks and embracing ambiguity as it comes. Here, the opportunities are limitless for those who dare to pursue bold ideas that exist beyond the boundaries of possibilities.Join our team and be part of a growing institution where you can hone your skills and develop new ones in a fun, challenging and dynamic environment.

If that sounds like you, we want to hear from you!

What you will do:

The InfoSec team drives security and compliance improvements to reduce risk by building out key security programs. We enable our colleagues in securing the company and support our customers’ security journey with tried and true best practices. We are looking for an experienced security engineer with broad experience in securing infrastructure and applications. We are a Java, Python, and React shop combined with world class cloud infrastructure (such as AWS & Snowflake). 

Balancing proper security while enabling execution speed for our colleagues (& customers) is our ultimate goal. It’s challenging and rewarding! If you are up for the challenge, come join us . . . 

• Partner and collaborate with internal stakeholders in assisting with their overall security posture
• Work across engineering, product and business systems teams to enhance and evangelize security in applications/infrastructure and drive changes needed to respond to emerging threats
• Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts
• Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk
• Senior member of SWAT team to handle zero-day events by determining affected assets, prioritizing remediation, producing ad hoc reports, identifying compensating controls, and escalating issues when necessary

What Cowbell needs from you:

• 7+ years of security engineering experience, with a strong Vulnerability Management background
• Be an entrepreneurial leader who will develop and be responsible for an efficient Vulnerability Management function
• Work collaboratively across teams - Software Engineering, IT, Production Engineering, and beyond to drive down risk
• Capability to deploy, provide maintenance for, and operationalize scanning solutions
• Hands-on ability to conduct scans across infrastructure (end user devices, servers, databases, etc.) both internally and externally for the enterprise
• Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects.
• Ability to deploy best practices for vulnerability management in cloud environments
• Expertise to provide engineering teams with technical guidance on the impact and priority of security issues and driving remediation
• Capability to develop from scratch and improve current processes and procedures through well thought out hand-offs, integrations, and automation
• Ability to influence positive change without direct authority over partner engineering and infrastructure teams
• Excellent communication and presentation skills

Preferred Qualifications:

• Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications
• Penetration testing experience and understanding of remediation techniques for common misconfigurations and vulnerabilities
• Master's in computer science, Information Security, or equivalent domain.
• Understanding of modern endpoint security technologies/concepts
• Experience with FIDO2/Webauthn
• Experience with IAM tools and process
• Experience in implementing and maintaining email protection (e.g. Proofpoint, Abnormal Security, etc.)
• You are a perpetual learner and often find yourself ideating about new and improved ways of doing things and are confident to share your ideas with the rest of the security team
• As a team player and effective communicator, you establish collaborative relationships with technical and non-technical colleagues
• Adept at working with distributed team members

• Winner of Inc. Magazine’s Annual List of Best Workplaces for 2022
• Nationwide medical, dental and vision coverage plus life insurance, long term disability and flexible spending accounts
• Employee equity plan for all and wealth enablement plan for select customer facing roles
• Comprehensive wellness program including unlimited PTO, company-wide wellness days, wellness app subscriptions, lunch & learn, book club, get-togethers, lunch & communication stipends, happy hours and much more
• Professional development and the opportunity to learn the ins and outs of cyber insurance, cyber security as well as continuing to build your professional skills in a team environment