Senior Application Security Engineer @ Cobalt.io

Who We Are

Cobalt (cobalt.io) is a fast-growing cybersecurity start-up headquartered in San Francisco. Cobalt provides a Pentest as a Service platform that leverages the sharing economy to find global security talent to help secure companies and their users. We have Scandinavian roots, an American base and a global outlook. Our offices in San Francisco and Berlin, and our remote roles, are characterized by a fun, fast-paced and collaborative culture based on individual responsibility and ownership.


Cobalt’s Information Security team is rapidly growing and seeks an experienced Senior Application Security Engineer to build upon the great work put into our secure software development lifecycle and take it to the next level, both by developing known-good, secure code patterns and by developing libraries our engineering teams can use for security use cases. The position is a combination of teacher, influencer and hands-on technical contributor. This person should be able to adapt quickly and find creative ways to implement security in a fast-paced environment. The position will most certainly be involved in improving security testing in our CI/CD pipeline but may also be called upon to drive engineering efforts for other programmatic areas like data protection, security logging, Cobalt platform security architecture and incident response. A thirst for knowledge, a curious mind and a desire to stay abreast of security developments in a dynamic security company are a must.

What You Would Do

  • Develop application security controls and standardize security best practices in our SDLC
  • Support engineering in developing a security certification process
  • Partner with engineering in developing secure code review best practices and metrics to measure efficacy 
  • Lead security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans
  • Develop known good code patterns and share with engineering for common use cases
  • Develop libraries that can be used in our tech stack to call security functions
  • Assist in vulnerability assessments, security control checks and reporting
  • Work with the Head of Security and InfoSec Manager to develop an application security specific roadmap to discover security defects in source code, dependencies and other artifacts
  • Enable automation of product security testing

You Must Have

  • 5+ years of experience in application security (experience as a developer is a plus)
  • Hands-on experience implementing and tuning SAST/DAST tools and transitioning to engineering for long-term ownership
  • Experience in threat modeling cloud hosted applications and infrastructure
  • The ability to explain OWASP Top 10 and CWE 25 to any audience and discuss effective defensive techniques
  • Experience taking a business requirement, identifying solutions, deploying and then operationalizing that solution for continuous improvement
  • Ability to adapt to a hyper-growth pace and manage priorities
  • Expert knowledge of information security principles, networks, Linux, web applications and familiarity with malicious code and common techniques used by hackers
  • Experience automating manual tasks in Python, Ruby, etc.
  • Ability to program in Python, Ruby, JavaScript or Java
  • Proven experience delivering technical information to a less-technical audience in an impactful way
  • A team player with experience providing mentorship and support to teams outside of InfoSec, enabling them to get their job done while operating securely

Why You Should Join Us

  • Opportunity to join and grow in a passionate, rapidly expanding industry
  • Competitive compensation & attractive equity plan
  • Flexible paid time-off & travel policies
  • Regularly planned team outings and company events
  • Paid parental leave
  • 401(k) program to help you save for the future (US only)
  • Medical, dental, and life insurance benefits (US only)


Active: Yes
Last Modified: 2020-9-2 7:50:22
Contributors of this content: jobs