What you will do:

The InfoSec team drives security and compliance improvements to reduce risk by building out key security programs. We enable our colleagues in securing the company and support our customers’ security journey with tried and true best practices. We are looking for an experienced security engineer with broad experience in securing infrastructure and applications. We are a Java, Python, and React shop combined with world class cloud infrastructure (such as AWS & Snowflake). 

Balancing proper security while enabling execution speed for our colleagues (& customers) is our ultimate goal. It’s challenging and rewarding! If you are up for the challenge, come join us . . . 

• Partner and collaborate with internal stakeholders in assisting with their overall security posture
• Work across engineering, product and business systems teams to enhance and evangelize security in applications/infrastructure and drive changes needed to respond to emerging threats
• Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts
• Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk
• Senior member of SWAT team to handle zero-day events by determining affected assets, prioritizing remediation, producing ad hoc reports, identifying compensating controls, and escalating issues when necessary

What Cowbell needs from you:

• 7 years of security engineering experience, with a strong Vulnerability Management background
• Be an entrepreneurial leader who will develop and be responsible for an efficient Vulnerability Management function
• Work collaboratively across teams - Software Engineering, IT, Production Engineering, and beyond to drive down risk
• Capability to deploy, provide maintenance for, and operationalize scanning solutions
• Hands-on ability to conduct scans across infrastructure (end user devices, servers, databases, etc.) both internally and externally for the enterprise
• Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects.
• Ability to deploy best practices for vulnerability management in cloud environments
• Expertise to provide engineering teams with technical guidance on the impact and priority of security issues and driving remediation
• Capability to develop from scratch and improve current processes and procedures through well thought out hand-offs, integrations, and automation
• Ability to influence positive change without direct authority over partner engineering and infrastructure teams
• Excellent communication and presentation skills

Preferred Qualifications:

• Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications
• Penetration testing experience and understanding of remediation techniques for common misconfigurations and vulnerabilities
• Master's in computer science, Information Security, or equivalent domain.
• Understanding of modern endpoint security technologies/concepts
• Experience with FIDO2/Webauthn
• Experience with IAM tools and process
• Experience in implementing and maintaining email protection (e.g. Proofpoint, Abnormal Security, etc.)
• You are a perpetual learner and often find yourself ideating about new and improved ways of doing things and are confident to share your ideas with the rest of the security team
• As a team player and effective communicator, you establish collaborative relationships with technical and non-technical colleagues
• Adept at working with distributed team members