Staff Security Engineer - Boston, MA

Who We Are

Cobalt ( ( )) is a fast growing cybersecurity start-up headquartered in San Francisco. Cobalt is providing a Pentest as a Service platform which leverages the sharing economy to find global security talent to help secure companies and their users. We have Scandinavian roots, an American base and a global outlook. Our offices in San Francisco, Berlin, and remote roles are characterized by a fun, fast-paced and collaborative culture based on individual responsibility and ownership.


Cobalt's Information Security team is rapidly growing and seeks a Senior Security Engineer to play a critical role in expanding our footprint and protecting Cobalt and its customers. The position is a combination of governance, risk and compliance (GRC) and technical hands-on. This person should be able to adapt quickly and find creative ways to implement security in a fast-paced environment. The position will most certainly be involved in driving SOC 2 and ISO 27001 efforts but may also be called upon to aid engineering efforts for other programmatic areas like endpoint and network security, data protection, security logging, vulnerability management and incident response. A thirst for knowledge, a curious mind and a desire to stay abreast of security developments in a dynamic security company is a must.

What You Would Do

  • Drive SOC 2 and ISO 27001 efforts
  • Conduct 3rd party risk assessments to ensure compliance requirements are met
  • Configure, tune and upgrade security tools to ensure proper detection and response capabilities
  • Participate in security architecture discussions with engineering for both product and infrastructure designs
  • Collaborate and communicate effectively with other teams in the company to ensure that security is championed throughout their processes
  • Assist in vulnerability assessments, security control checks and reporting
  • Research, evaluate, plan, document and implement new security tools within our environments
You Must Have

  • 5+ years of experience in GRC, network or web security
  • Experience in driving SOC 2 or ISO 27001 security efforts to certification
  • Bachelors degree in an Information Technology or Engineering related field of study or equivalent experience
  • Experience with SIEM or log aggregation and correlation tools like Splunk, Sumo Logic
  • Experience with IDS/IPS, NGAV, EDR, NGFW, WAF and DLP tools
  • Ability to adapt to a hyper-growth pace and manage priorities
  • Expert knowledge of information security principles, networks, Linux, Mac operating systems, web applications and familiarity with malicious code and common techniques used by hackers
  • Some level of programming/scripting: Python, Perl, Shell scripting as they pertain to manual task automation
  • Experience delivering technical information to a less-technical audience in an impactful way
  • Experience being a team player and providing mentorship and support to teams outside of InfoSec to enable them to get their job done while operating securely
Why You Should Join Us

  • Opportunity to join and grow in a passionate, rapidly expanding industry
  • Competitive compensation & attractive equity plan
  • Flexible paid time-off, remote work, & travel policies
  • Regularly planned team outings and company events
  • Paid lunch 3x/week
  • Pet-friendly offices
  • 401(k) program to help you save for the future (US only)
  • Medical, dental, and life insurance benefits (US only)