Cowbell Cyber

Sr. Application Security Engineer

Pune, India Remote Hybrid
Java Python React AWS JavaScript Elasticsearch API
Description

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders’ cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell’s underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes.

Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell’s mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats.

Position Overview

In support of business objectives, we are actively looking for an ambitious person who is not afraid of hard work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Application Security Engineer (Dev).

What we do

The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers’ security journey with tried and true best practices. We are a Java, Python, and React shop combined with world class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It’s challenging and rewarding!

If you are up for the challenge, come join us.

The Opportunity

First and foremost, you are a developer at heart with a passion for security! You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities.

Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). 

Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk.

Help in developing the capability to automate triaging, validating, reporting and reproducing application vulnerabilities, then capture and document your excellent work.

Qualifications

  • Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python.
  • Must have prior in-depth demonstrable experience developing in Java and Python; basically, you are a developer first and a security engineer second. Applicants that do not have this experience will not be considered.
  • Experience developing in, and securing, JavaScript and React a plus.
  • Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus.
  • Detail-oriented with problem solving, communication, and analytical skills.
  • Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation.
  • Excellent understanding and utilization of OWASP
  • Demonstrated ability to secure APIs; techniques and patterns will be assessed.
  • Experience designing and implementing application security solutions for web and/or mobile applications
  • Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects.
  • Experienced in application penetration testing, and understanding of remediation techniques for common misconfigurations and vulnerabilities
  • Demonstrable experience in understanding patching and library upgrade paths including interdependencies
  • Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus.
  • Capability to deploy, provide maintenance for, and operationalize scanning solutions.
  • Hands-on ability to conduct scans across application repositories and infrastructure.
  • Must be willing to work extended hours and weekends as needed
  • Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts.

Preferred Qualifications

  • You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE
  • Proficient with penetration testing tools such as Burp Suite, Metasploit or ZAP
  • You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better.
  • As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation
  • Capability to develop operational process from scratch or improve current processes and procedures through well thought out hand-offs, integrations, and automation
  • Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications
  • Understanding of modern endpoint security technologies/concepts
  • Adept at working with distributed team members

What Cowbell brings to the table:

  • Employee equity plan for all and wealth enablement plan for select customer facing roles
  • Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours and much more
  • Professional development and the opportunity to learn the ins and outs of cyber insurance, cyber security as well as continuing to build your professional skills in a team environment

Equal Employment Opportunity:

We are committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability, or veteran status.
Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE—Transparency, Resiliency, Urgency, and Empowerment—we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk.

At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards.
We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.

For more information, please visit https://cowbell.insure/.
