Senior Security Engineer

About The Position

Requirements

• 5+ years in a security engineering, security analyst, or IT security role at a SaaS, cloud, or enterprise software company
• Hands-on experience running endpoint security and compliance tooling — EDR, vulnerability management, and continuous compliance monitoring platforms — in a regulated environment
• Strong working knowledge of SOC 2 Type II controls and direct experience supporting an audit cycle (evidence collection, control testing, auditor coordination)
• Experience answering customer security questionnaires (SIG, CAIQ, or bespoke) with technical accuracy and customer-friendly framing
• Proficiency with cloud security fundamentals — IAM, network controls, logging, and common attack surfaces — plus solid scripting in Python or Bash
• BS in Computer Science, Information Security, or equivalent professional experience
• Proven experience collaborating with cross-functional teams and promoting a culture of sharing security knowledge

Responsibilities

• Run Cobalt's endpoint and cloud asset security stack across managed laptops, desktops, and cloud infrastructure — including EDR, vulnerability management, and continuous compliance monitoring tooling
• Administer Cobalt's compliance automation platform as the system of record for controls and evidence — manage personnel records, reconcile against HRIS and identity provider data, and handle edge cases outside the primary HRIS
• Own end-to-end onboarding and offboarding security across employees, contractors, and external partners — verify new hires complete security gating before access is provisioned, apply the right requirements for each personnel tier, and close out access promptly when people leave
• Triage alerts from EDR, SIEM, and the vulnerability scanner; recommend patches, file risk acceptances, and gather evidence to close out remediations
• Co-own Cobalt's SOC 2 program — coordinate with auditors, gather evidence from internal teams, and run control testing (SSO, IAM, change management, access reviews) ahead of fieldwork
• Maintain Cobalt's security policies (vulnerability management, logging and monitoring, incident response, access control), keep them current as the business evolves, and draft new policies when we identify gaps
• Own the customer security questionnaire pipeline — partner with Sales, GTM, and product leads to turn around SIG, CAIQ, and bespoke vendor assessments quickly and accurately
• Run vendor security reviews for new software and services Cobalt adopts, with clear turnaround expectations and a process the rest of the company can rely on
• Triage suspected phishing reports and serve as incident manager when something happens — scope, contain, document, and run the postmortem
• Own annual security awareness training rollout and tracking across the company
• Partner with Engineering to secure the Cobalt Monitoring Intelligence platform at the edge and bring security perspective into design and code review
• Support pen test engagements end-to-end: scoping, remediation tracking, and re-test follow-up

Benefits

• Competitive salary
• equity
• full benefits (medical, vision, dental)
• Flexible work arrangements