Sr. Application Security Engineer (Dev) | Reports to: Director, IT & Information Security
Pune, India
Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders’ cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell’s underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes.
Founded in 2019, Cowbell is based in the San Francisco Bay Area with employees across the U.S., Canada, U.K. and India and is backed by over 15 A.M. Best A- or higher rated reinsurance partners.
Objective:
In support of business objectives, we are actively looking for an ambitious person who is not afraid of hard work and embraces ambiguity as it comes, to join our Information Security Team as a Sr. Application Security Engineer (Dev).
If that sounds like you, and if you are excited to join our team and be part of an exciting institution where you can hone your skills and develop new ones in a fun, challenging and dynamic environment, please send your application to vaqvnerpehvgvat@pbjoryyplore.nv.
What we do
The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers’ security journey with tried-and-true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It’s challenging and rewarding!
If you are up for the challenge, come join us.
The Opportunity
First and foremost, you are a developer at heart with a passion for security! You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities.
Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure).
Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk.
Help in developing the capability to automate triaging, validating, reporting and reproducing application vulnerabilities, then capture and document your excellent work.
What Cowbell needs from you:
- Bachelor’s degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python
- Detail-oriented with problem solving, communication, and analytical skills
- Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation
- Excellent understanding and utilization of OWASP
- Demonstrated ability to secure APIs; techniques and patterns will be assessed
- Experience designing and implementing application security solutions for web and/or mobile applications
- Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects
- Experience in application penetration testing and an understanding of remediation techniques for common misconfigurations and vulnerabilities
- Demonstrable experience in understanding patching and library upgrade paths including interdependencies
- Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus
- Capability to deploy, provide maintenance for, and operationalize scanning solutions
- Hands-on ability to conduct scans across application repositories and infrastructure
- Must be willing to work extended hours and weekends as needed
- Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts
Preferred Qualifications:
- You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE
- Proficient with penetration testing tools such as Burp Suite, Metasploit or ZAP
- You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better
- As a mentor, you also have the experience and desire to provide fellow engineering teams with technical guidance on the impact and priority of security issues and to drive remediation
- Capability to develop operational processes from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation
- Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications
- Understanding of modern endpoint security technologies/concepts
- Adept at working with distributed team members
What Cowbell brings to the table:
- Employee equity plan for all and wealth enablement plan for select customer-facing roles
- Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours and much more
- Professional development and the opportunity to learn the ins and outs of cyber insurance, cyber security as well as continuing to build your professional skills in a team environment