Senior Application Security Engineer
Remote — US
CobaltCobalt.io is the future of penetration testing. We leverage global talent and a software platform to deliver a better penetration test.
Who We Are
Cobalt is a fast-growing startup that is redefining pentesting and making cybersecurity easier and more accessible. Our Pentest as a Service (PtaaS) platform, coupled with an exclusive global community of testers, delivers the real-time insights you need to remediate risk quickly and innovate securely. We have Scandinavian roots, an American base and a global outlook. Our remote-first team is characterized by a fun, fast-paced and collaborative culture based on individual responsibility and ownership.
This position will be accountable for establishing and maintaining the Application Security Program for our customer facing platform that is used for PtaaS (Pentest as a Service). You’ll focus on designing, building, and deploying application security tools to protect our platform.
It involves scheduling penetration tests, Bug Bounty program, ensuring remediation of discovered vulnerabilities, application security collaboration with engineering teams.
If you’re a creative problem solver who is aiming to go beyond your limits, and willing to take your career to the next level here in the US, then this is the right place for you.
What You Would Do
- Perform dynamic application security testing (DAST).
- Perform static analysis (SAST) of the micro-services and Web applications codebase.
- Discover, prioritise, and help remediate technical risks on features, products, and infrastructure.
- Perform threat assessment on existing and upcoming features and releases.
- Develop and own best practices for application security, development, and deployment (CI/CD).
- Identify and assess vulnerabilities stemming from third party dependencies.
- Collaborate with other engineers, PMs, and designers.
You Must Have
- Minimum of 6 years of experience with any combination of the following: threat modeling experience, secure coding, software development, cryptography and network security.
- Experience with industry standard threat models and security tooling.
- Deep understanding of web security, TLS/SSL, web authentication and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
- Experience with web applications, SaaS environment and micro-service architecture.
- Proven track record securing highly available and highly scalable systems.
- Familiarity with one or more cloud vendor services and management tools (AWS, GCP).
- Team player who can get along with others both inside and outside the company.
- Experience with vulnerability management
Nice to Have
- Experience with SAST tools like Checkmarx, Snyk
- Experience with Infrastructure security
Why You Should Join Us
- Grow in a passionate, rapidly expanding industry operating at the forefront of the Pentesting industry
- Work directly with experienced senior leaders with ongoing mentorship opportunities
- Make the most of our flexible, unlimited paid time off, remote working from anywhere in the US, Germany or the UK and travel perks
- Earn competitive compensation and an attractive equity plan
- Leverage stipends for wellness, work-from-home and learning & development
- Treat yourself to paid remote lunches
- Save for the future with a 401(k) program (US only)
- Benefit from medical, dental, vision and life insurance (US only)
Other jobs like this
Senior Azure Cloud Security EngineerAnsible Automation AWS Azure CircleCI DevOps Docker Encryption GCP Incident response +9
401(k) matching Career development Equity Flex hours Flex vacation +6
Staff Cloud Security Engineer (Remote- North America)Automation AWS Azure CEH CISA Cloudflare FedRAMP GCP ISO 27001 Kubernetes +2
Career development Competitive pay Flex hours Flex vacation Parental leave +3
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Cyber Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Penetration Tester jobs
- Open Senior DevSecOps Engineer jobs
- Open Application Security Engineer/Architect jobs
- Open Senior Security Operations Engineer jobs
- Open Cyber Threat Intelligence Analyst jobs
- Open Staff Security Engineer jobs
- Open Head of Information Security jobs
- Open Lead Security Engineer jobs
- Open SOC Analyst jobs
- Open Cyber Security Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Cybersecurity Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Cloud Security Automation Specialist jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Offensive Security Engineer jobs
- Open Information Security Officer jobs
- Open Cloud Security Operations Lead jobs
- Open Azure Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open DevOps-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Audits-related jobs
- Open PCI-related jobs
- Open OWASP-related jobs
- Open Threat intelligence-related jobs
- Open Clearance-related jobs
- Open Security assessments-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open CEH-related jobs
- Open Encryption-related jobs
- Open CISM-related jobs
- Open GDPR-related jobs
- Open Agile-related jobs
- Open Open Source-related jobs
- Open Threat detection-related jobs
- Open OSCP-related jobs
- Open Intrusion detection-related jobs
- Open Machine Learning-related jobs
- Open DevSecOps-related jobs