What you will do:

The InfoSec team drives security and compliance improvements to reduce risk by building out key security programs. We enable our colleagues in securing the company and support our customers’ security journey with tried and true best practices. We are looking for an experienced security engineer with broad experience in securing infrastructure and applications. We are a Java, Python, and React shop combined with world class cloud infrastructure (such as AWS & Snowflake).

Balancing proper security while enabling execution speed for our colleagues (& customers) is our ultimate goal. It’s challenging and rewarding! If you are up for the challenge, come join us . . .

• Partner and collaborate with internal stakeholders in assisting with their overall security posture
• Work across engineering, product and business systems teams to enhance and evangelize security in applications/infrastructure and drive changes needed to respond to emerging threats
• Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk
• Senior member of SWAT team to handle zero-day events by determining affected assets, prioritizing remediation, producing ad hoc reports, identifying compensating controls, and escalating issues when necessary
• You are a perpetual learner and often find yourself ideating about new and improved ways of doing things and are confident to share your ideas with the rest of the security team
• As a team player and effective communicator, you establish collaborative relationships with technical and non-technical colleagues

What Cowbell needs from you (qualifications):

• 8+ years of security engineering experience, SecDevOps & Infrastructure focus, with a strong Incident Response and Vulnerability Management background
• Must have experience as an Incident Manager or lead; must have extensive incident response and analysis experience.
• Must have hands-on experience securing cloud environments (AWS); past infrastructure operations experience.
• Work collaboratively across teams - Software Engineering, IT, Production Engineering, and beyond to drive down risk
• Capability to deploy, provide maintenance for, and operationalize scanning solutions
• Hands-on ability to conduct scans across infrastructure (end user devices, servers, databases, etc.) both internally and externally for the enterprise
• Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects.
• Ability to deploy best practices for vulnerability management in cloud environments
• Expertise to provide engineering teams with technical guidance on the impact and priority of security issues and driving remediation
• Capability to develop processes and workflows from scratch. Also improving current processes and procedures through well thought out hand-offs, integrations, and automation
• Ability to influence positive change without direct authority over partner engineering and infrastructure teams
• Excellent communication and presentation skills
• Familiarity with multiple security domains such as application security, infrastructure security, network security along with the requisite incident response, and forensic analysis experience.
• Penetration testing experience and understanding of remediation techniques for common misconfigurations and vulnerabilities
• Master's in computer science, Information Security, or equivalent domain.
• Understanding of modern endpoint security technologies/concepts
• Experience with IAM tools and process
• Adept at working with distributed team members over several world geographies and timezones