Sr. Application Security Engineer
Pune, Maharashtra, India (Hybrid)
Cowbell
Cowbell harnesses technology, data and AI to provide SMEs with advanced warning of cyber risk and adaptive cyber insurance.
Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders’ cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell’s underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes.
Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell’s mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats.
Position Overview
In support of business objectives, we are actively looking for an ambitious person who is not afraid of hard work and embraces ambiguity as it comes, to join our Information Security Team as a Sr. Application Security Engineer (Dev).
What we do
The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers’ security journey with tried and true best practices. We are a Java, Python, and React shop combined with world class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It’s challenging and rewarding!
If you are up for the challenge, come join us.
The Opportunity
First and foremost, you are a developer at heart with a passion for security! You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities.
Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure).
Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk.
Help in developing the capability to automate triaging, validating, reporting and reproducing application vulnerabilities, then capture and document your excellent work.
Qualifications
- Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python.
- Must have prior in-depth demonstrable experience developing in Java and Python; basically, you are a developer first and a security engineer second. Applicants that do not have this experience will not be considered.
- Experience developing in, and securing, JavaScript and React is a plus.
- Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS is a big plus.
- Detail-oriented with problem solving, communication, and analytical skills.
- Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation.
- Excellent understanding and utilization of OWASP
- Demonstrated ability to secure APIs; techniques and patterns will be assessed.
- Experience designing and implementing application security solutions for web and/or mobile applications
- Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects.
- Experience in application penetration testing and an understanding of remediation techniques for common misconfigurations and vulnerabilities
- Demonstrable experience in understanding patching and library upgrade paths including interdependencies
- Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus.
- Capability to deploy, provide maintenance for, and operationalize scanning solutions.
- Hands-on ability to conduct scans across application repositories and infrastructure.
- Must be willing to work extended hours and weekends as needed
- Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts.
Preferred Qualifications
- You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE
- Proficient with penetration testing tools such as Burp Suite, Metasploit or ZAP
- You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better.
- As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation
- Capability to develop operational process from scratch or improve current processes and procedures through well thought out hand-offs, integrations, and automation
- Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications
- Understanding of modern endpoint security technologies/concepts
- Adept at working with distributed team members
What Cowbell brings to the table:
- Employee equity plan for all and wealth enablement plan for select customer facing roles
- Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours and much more
- Professional development and the opportunity to learn the ins and outs of cyber insurance, cyber security as well as continuing to build your professional skills in a team environment
Equal Employment Opportunity:
We are committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability, or veteran status.
Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE—Transparency, Resiliency, Urgency, and Empowerment—we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk.
At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards.
We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.
For more information, please visit https://cowbell.insure/.