Senior Application Security Engineer
Remote — US
Applications have closed
Cobalt
Cobalt is modernizing traditional pentesting. We leverage global talent and a SaaS platform to deliver a better pentest via Pentest as a Service (PtaaS).
Who We Are
Cobalt is a fast-growing startup that is redefining pentesting and making cybersecurity easier and more accessible. Our Pentest as a Service (PtaaS) platform, coupled with an exclusive global community of testers, delivers the real-time insights you need to remediate risk quickly and innovate securely. We have Scandinavian roots, an American base and a global outlook. Our remote-first team is characterized by a fun, fast-paced and collaborative culture based on individual responsibility and ownership.
Description
This position will be accountable for establishing and maintaining the Application Security Program for our customer-facing platform that is used for PtaaS (Pentest as a Service). You’ll focus on designing, building, and deploying application security tools to protect our platform.
It involves scheduling penetration tests, the Bug Bounty program, ensuring remediation of discovered vulnerabilities, and application security collaboration with engineering teams.
If you’re a creative problem solver who is aiming to go beyond your limits, and willing to take your career to the next level here in the US, then this is the right place for you.
What You Would Do
- Perform dynamic application security testing (DAST).
- Perform static analysis (SAST) of the micro-services and Web applications codebase.
- Discover, prioritise, and help remediate technical risks on features, products, and infrastructure.
- Perform threat assessment on existing and upcoming features and releases.
- Develop and own best practices for application security, development, and deployment (CI/CD).
- Identify and assess vulnerabilities stemming from third party dependencies.
- Collaborate with other engineers, PMs, and designers.
You Must Have
- Minimum of 6 years of experience with any combination of the following: threat modeling experience, secure coding, software development, cryptography and network security.
- Experience with industry standard threat models and security tooling.
- Deep understanding of web security, TLS/SSL, web authentication and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
- Experience with web applications, SaaS environment and micro-service architecture.
- Proven track record securing highly available and highly scalable systems.
- Familiarity with one or more cloud vendor services and management tools (AWS, GCP).
- Team player who can get along with others both inside and outside the company.
- Experience with vulnerability management
Nice to Have
- Experience with SAST tools like Checkmarx, Snyk
- Experience with Infrastructure security
Why You Should Join Us
- Grow in a passionate, rapidly expanding industry operating at the forefront of the Pentesting industry
- Work directly with experienced senior leaders with ongoing mentorship opportunities
- Make the most of our flexible, unlimited paid time off, remote working from anywhere in the US, Germany or the UK and travel perks
- Earn competitive compensation and an attractive equity plan
- Leverage stipends for wellness, work-from-home and learning & development
- Treat yourself to paid remote lunches
- Save for the future with a 401(k) program (US only)
- Benefit from medical, dental, vision and life insurance (US only)