Senior Application Security Engineer

Cobalt was founded on the belief that pentesting can be better. Our pentests start in as little as 24 hours and integrate with modern development cycles thanks to the powerful combination of a SaaS platform coupled with an exclusive community of testers known as the Cobalt Core. Accepting just 5% of applicants, the Core boasts over 400 closely vetted and highly skilled testers who jointly conduct thousands of tests each year. 

Our award-winning, fully remote team is committed to helping agile businesses remediate risk quickly and innovate securely. Today, over 1,000 customers use Cobalt to run pentests on demand via Pentest as a Service, AKA PtaaS, a space which Cobalt pioneered (you could even say we wrote the book on it) and continues to lead. 

This position will be accountable for establishing and maintaining the Application Security Program for our customer-facing platform that is used for PtaaS (Pentest as a Service). You’ll focus on designing, building, and deploying application security tools to protect our platform.

It involves scheduling penetration tests, Bug Bounty program, ensuring remediation of discovered vulnerabilities, application security collaboration with engineering teams. If you’re a creative problem solver who is aiming to go beyond your limits, and willing to take your career to the next level here in the US, then this is the right place for you.

• Perform dynamic application security testing (DAST).
• Perform static analysis (SAST) of the micro-services and Web applications codebase.
• Discover, prioritise, and help remediate technical risks on features, products, and infrastructure.
• Perform threat assessment on existing and upcoming features and releases.
• Develop and own best practices for application security, development, and deployment (CI/CD).
• Identify and assess vulnerabilities stemming from third party dependencies.
• Collaborate with other engineers, PMs, and designers.

• 5+ years of professional experience in one or more of the following: Frontend: React/Redux, HTML5, CSS, JavaScript. 
• Previous experience and passion for technical leadership and mentoring teammates
• A proactive attitude & willingness to participate in team discussions
• Experience working with RESTful APIs
• Experience with automation testing and continuous deployment processes
• A solid understanding of build tools and bundlers, such as webpack
• Good written and verbal communication in English
• A high comfort level within a remote-first, globally distributed company

• Experience with SAST tools like Checkmarx, Snyk
• Experience with Infrastructure security

With over 45 nationalities already at Cobalt (and counting) we respect and celebrate diversity! We’re proudly committed to equal employment opportunities regardless of your gender, religion, age, sexual orientation, ethnicity, disability, or place of origin. We support each other and are grateful for each Cobalter's contribution to our mission — let's make security dance! 

Please apply even if you don't think you meet all of the criteria above but are still interested in the job. Nobody checks every box, and we're looking for someone excited to join the team.

• Grow in a passionate, rapidly expanding industry operating at the forefront of the Pentesting industry 
• Work directly with experienced senior leaders with ongoing mentorship opportunities
• Earn competitive compensation and an attractive equity plan
• Save for the future with a 401(k) program (US) 
• Benefit from medical, dental, vision and life insurance (US)
• Leverage stipends for:
  • Wellness
  • Work-from-home equipment & wifi
  • Learning & development
  • Unlimited books 
• Treat yourself to paid remote lunches
• Make the most of our flexible, generous paid time off
• Work remotely from anywhere in the US
• Explore the world with our travel bonus payouts at your 2, 3, and 5 year anniversary