Senior Security Engineer

Cobalt AI

Senior Security Engineer securing Cobalt's AI platform during pivotal growth phase. Collaborating with engineering leads to manage endpoint and cloud infrastructure security.

Posted 5/17/2026full-timeRemote • California • 🇺🇸 United StatesSenior💰 $160,000 - $190,000 per yearWebsite

Tech Stack

Tools & technologies

CloudPython

About the role

Key responsibilities & impact

Run Cobalt's endpoint and cloud asset security stack across managed laptops, desktops, and cloud infrastructure — including EDR, vulnerability management, and continuous compliance monitoring tooling
Administer Cobalt's compliance automation platform as the system of record for controls and evidence — manage personnel records, reconcile against HRIS and identity provider data, and handle edge cases outside the primary HRIS
Own end-to-end onboarding and offboarding security across employees, contractors, and external partners — verify new hires complete security gating before access is provisioned, apply the right requirements for each personnel tier, and close out access promptly when people leave
Triage alerts from EDR, SIEM, and the vulnerability scanner; recommend patches, file risk acceptances, and gather evidence to close out remediations
Co-own Cobalt's SOC 2 program — coordinate with auditors, gather evidence from internal teams, and run control testing (SSO, IAM, change management, access reviews) ahead of fieldwork
Maintain Cobalt's security policies (vulnerability management, logging and monitoring, incident response, access control), keep them current as the business evolves, and draft new policies when we identify gaps
Own the customer security questionnaire pipeline — partner with Sales, GTM, and product leads to turn around SIG, CAIQ, and bespoke vendor assessments quickly and accurately
Run vendor security reviews for new software and services Cobalt adopts, with clear turnaround expectations and a process the rest of the company can rely on
Triage suspected phishing reports and serve as incident manager when something happens — scope, contain, document, and run the postmortem
Own annual security awareness training rollout and tracking across the company
Partner with Engineering to secure the Cobalt Monitoring Intelligence platform at the edge and bring security perspective into design and code review
Support pen test engagements end-to-end: scoping, remediation tracking, and re-test follow-up

Requirements

What you’ll need

5+ years in a security engineering, security analyst, or IT security role at a SaaS, cloud, or enterprise software company
Hands-on experience running endpoint security and compliance tooling — EDR, vulnerability management, and continuous compliance monitoring platforms — in a regulated environment
Strong working knowledge of SOC 2 Type II controls and direct experience supporting an audit cycle (evidence collection, control testing, auditor coordination)
Experience answering customer security questionnaires (SIG, CAIQ, or bespoke) with technical accuracy and customer-friendly framing
Proficiency with cloud security fundamentals — IAM, network controls, logging, and common attack surfaces — plus solid scripting in Python or Bash
BS in Computer Science, Information Security, or equivalent professional experience
Proven experience collaborating with cross-functional teams and promoting a culture of sharing security knowledge.

Benefits

Comp & perks

Competitive salary
Equity
Full benefits (medical, vision, dental)
Flexible work arrangements

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

EDRvulnerability managementcontinuous compliance monitoringSOC 2 Type II controlsIAMnetwork controlsloggingPythonBash

Soft Skills

collaborationincident managementcommunicationorganizational skillssecurity awareness training

Certifications

BS in Computer ScienceBS in Information Security