Senior Application Security Engineer

Who We Are

Cobalt is a fast-growing startup that is redefining pentesting and making cybersecurity easier and more accessible. Our Pentest as a Service (PtaaS) platform, coupled with an exclusive global community of testers, delivers the real-time insights you need to remediate risk quickly and innovate securely. We have Scandinavian roots, an American base and a global outlook. Our remote-first team is characterized by a fun, fast-paced and collaborative culture based on individual responsibility and ownership.

Description

This position will be accountable for establishing and maintaining the Application Security Program for our customer facing platform that is used for PtaaS (Pentest as a Service). You’ll focus on designing, building, and deploying application security tools to protect our platform.

It involves scheduling penetration tests, Bug Bounty program, ensuring remediation of discovered vulnerabilities, application security collaboration with engineering teams.
If you’re a creative problem solver who is aiming to go beyond your limits, and willing to take your career to the next level here in the US, then this is the right place for you.

What You Would Do

• Perform dynamic application security testing (DAST).
• Perform static analysis (SAST) of the micro-services and Web applications codebase.
• Discover, prioritise, and help remediate technical risks on features, products, and infrastructure.
• Perform threat assessment on existing and upcoming features and releases.
• Develop and own best practices for application security, development, and deployment (CI/CD).
• Identify and assess vulnerabilities stemming from third party dependencies.
• Collaborate with other engineers, PMs, and designers.

You Must Have

• Minimum of 6 years of experience with any combination of the following: threat modeling experience, secure coding, software development, cryptography and network security.
• Experience with industry standard threat models and security tooling.
• Deep understanding of web security, TLS/SSL, web authentication and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Experience with web applications, SaaS environment and micro-service architecture.
• Proven track record securing highly available and highly scalable systems.
• Familiarity with one or more cloud vendor services and management tools (AWS, GCP).
• Team player who can get along with others both inside and outside the company.
• Experience with vulnerability management

Nice to Have

• Experience with SAST tools like Checkmarx, Snyk
• Experience with Infrastructure security

Why You Should Join Us

• Grow in a passionate, rapidly expanding industry operating at the forefront of the Pentesting industry 
• Work directly with experienced senior leaders with ongoing mentorship opportunities
• Make the most of our flexible, unlimited paid time off, remote working from anywhere in the US, Germany or the UK and travel perks
• Earn competitive compensation and an attractive equity plan
• Leverage stipends for wellness, work-from-home and learning & development
• Treat yourself to paid remote lunches
• Save for the future with a 401(k) program (US only)
• Benefit from medical, dental, vision and life insurance (US only)