Staff Security Engineer Penetration Tester

San Jose, CA (HQ)

Full Time Senior-level / Expert USD 96K - 143K *
Cohesity logo


Eliminate mass data fragmentation with Cohesity's next-gen data management. Begin with backup, gain instant recovery. Learn more today.

View all employer listings

Apply now Apply later

Cohesity is on a mission to radically simplify how organizations manage their data to unlock limitless value. We make it easy to back up, manage and derive value from data while protecting data against ransomware attacks. At Cohesity, we’re encouraged to think big and we take on dynamic goals that require innovative thinkers. Obsession with our customers keeps us humble and drives us to keep learning.

We’ve been named a Leader by multiple analyst firms, and are prominently featured in the Forbes Cloud 100 and CRN’s Coolest Cloud companies.

About This Role:

We are actively seeking Security Engineers (Penetration Testers) to join our team. As part of our Security Engineering team, you will be responsible for enabling Secure Product release at the speed of the development team, and continuously improving Cloud and SaaS posture. The role will serve as a Cloud Security  specialist in the areas of cloud architecture design, cloud security, access management, security automation, logging and monitoring, endpoint security, network security, and incident handling. Working closely infrastructure and release engineering team to automate and cloud security workflow and 

You will also ensure we’re in lock step with product engineering and develop our DevSecOps enabled security services. Engaging with other teams and communicating with stakeholders will be a regular part of the job. We’re looking for an individual who’s motivated by technology, enjoys automation, and problem-solving.


  • Have significant hands on penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, Multi tier architecture or Distributed Systems
  • Having very in depth understanding of exploiting OS and Web Services 
  • Threat Modeling and Pen Testing of Cloud security Infrastructure & services
  • Have a mature understanding of coverage and risk as an outcome of pen-testing as it relates to product security posture and business needs
  • Provide guidance on short term mitigation and effective resolutions 
  • Track and research the latest developments in vulnerability research
  • Have the ability to develop or adapt custom tooling to solve new needs
  • Build relationships with engineering teams to drive Cohesity products to a mature security state
  • Perform Security training and outreach to internal development tools.



  • B.S. or M.S. in Computer Science, Electrical Engineering or related experience
  • 7+ years experience in application level penetration testing
  • Strong understanding of vulnerabilities, common attack vectors and how to resolve them
  • Ability to quickly comprehend and digest application/systems designs
  • Attacker mindset ability to think creatively about relevant threats and attacks
  • Ability to organize and lead others in a pen test through an attack plan on complex application and systems designs
  • Well-rounded background in application, network, and system security
  • Familiarity with public cloud platforms (preferably AWS)
  • Effective written and verbal communication
  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
  • Relevant development/scripting/automation experience in C++, Javascript, Python, Go
  • Experience in Pen Tester with OSCP certification and active in bug bounty 
  • REST API Security testing for Authentication and Authorizations 
  • Able to automate API Testing with Burp+Postman 
  • Threat Modeling and design reviews 
  • Experience in working with Go, C++ , Node, JavaScript 
  • Deep understanding of Cloud Security fundamentals (Cloud networks and Cloud-based Systems), including cryptography and the shared responsibility model
  • Experience working in a regulated environment (SOC, ISO, PCIDSS, HIPAA, etc.)
  • Strong Application Security  system security, Infrastructure security knowledge


Data Privacy Notice for Job Candidates:

For information on personal data processing, please see our Privacy Policy.

Equal Employment Opportunity Employer (EEOE)

Cohesity is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law. 

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at 1-855-9COHESITY or for assistance.


Cohesity requires all employees who enter its U.S. offices to be fully vaccinated against the COVID-19 virus and to provide documented proof thereof. Cohesity will comply with applicable law regarding the reasonable accommodation of individuals who are not vaccinated because of a sincerely held religious belief, disability or medical condition. This vaccination requirement does not apply to employees who work remotely and do not enter Cohesity offices.

* Salary range is an estimate based on our salary survey at

Tags: APIs Application security Automation AWS C Cloud Computer Science Cryptography DevSecOps Endpoint security Go HIPAA JavaScript Monitoring Network security OSCP PCI DSS Pentesting PostMan Privacy Product security Python SaaS Scripting Vulnerabilities

Perks/benefits: Health care

Region: North America
Country: United States
Job stats:  11  1  0
  • Share this job via
  • or

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.