Information Security Manager

Remote - US

Applications have closed
Cobalt logo

Posted 1 month ago

Who We Are

Cobalt ( is a fast growing cybersecurity start-up headquartered in San Francisco. Cobalt is providing a Pentest as a Service Platform which leverages the sharing economy to find global security talent to help secure companies and their users. We have Scandinavian roots, an American base and a global outlook. Our offices in San Francisco, Berlin, and remote roles are characterized by a fun, fast-paced and collaborative culture based on individual responsibility and ownership.


Cobalt’s Information Security team is rapidly growing and seeks an Information Security Manager to play a critical role in expanding our footprint and protecting Cobalt and its customers. The position is a combination of governance, risk and compliance (GRC), people management and technical hands-on. This person should be able to adapt quickly and find creative ways to implement security in a fast-paced environment. The position will most certainly be involved in driving SOC 2 and ISO 27001 efforts but may also be called upon to drive engineering efforts for other programmatic areas like endpoint and network security, data protection, security logging, vulnerability management, Cobalt platform security architecture and incident response. A thirst for knowledge, a curious mind and a desire to stay abreast of security developments in a dynamic security company is a must.

What You Would Do

  • Drive SOC 2 and ISO 27001 efforts
  • Conduct 3rd party risk assessments to ensure compliance requirements are met
  • Configure, tune and upgrade security tools to ensure proper detection and response capabilities
  • Lead security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans
  • Collaborate and communicate effectively with other teams in the company to ensure that security is championed throughout their processes
  • Assist in vulnerability assessments, security control checks and reporting
  • Work with the Head of Security to develop roadmaps based on strategic direction of the company
  • Research, evaluate, plan, document and implement new security tools within our environments
  • Lead and build a team of security analysts, engineers and specialists

You Must Have

  • 5+ years of experience in GRC, network or web security
  • Hands-on experience driving SOC 2 or ISO 27001 through to certification
  • Proven experience managing security incidents from triage to remediation and then root-cause analysis for continuous improvement
  • Experience taking a business requirement, identifying solutions, deploying and then operationalizing that solution for continuous improvement
  • Expert level experience with SIEM or log aggregation and correlation tools like Splunk, Sumo Logic
  • People management experience 
  • Experience with IDS/IPS, NGAV, EDR, NGFW, WAF and DLP tools
  • Ability to adapt to a hyper-growth pace and manage priorities
  • Expert knowledge of information security principles, networks, Linux, Mac operating systems, web applications and familiarity with malicious code and common techniques used by hackers
  • Some level of programming/scripting: Python, Perl, Shell scripting as they pertain to manual task automation
  • Proven experience delivering technical information to a less-technical audience in an impactful way
  • A team player and experience providing mentorship and support to teams outside of InfoSec to enable them to get their job done while operating securely

Why You Should Join Us

  • Opportunity to join and grow in a passionate, rapidly expanding industry
  • Competitive compensation & attractive equity plan
  • Flexible paid time-off & travel policies
  • Regularly planned team outings and company events
  • 401(k) program to help you save for the future (US only)
  • Medical, dental, and life insurance benefits (US only)
Job tags: Architecture Automation IDS Incident response IPS ISO 27001 Linux Network security Perl Python SIEM SOC 2 Splunk Vulnerability management