Senior Security Engineer Summary: Cobalt AI uses automation to elevate physical safety and security in the workplace. Our platform, Cobalt Monitoring Intelligence, is a hybrid AI system, cloud-hosted with edge-deployed hardware, that provides human-verified, real-time monitoring of surveillance cameras, alarms, and robots across enterprise locations. Cobalt is seeking a Senior Security Engineer to internalize and expand our security program during a pivotal growth phase. In this role, you will collaborate with engineering leads and security advisors to manage comprehensive operations, from overseeing endpoint and cloud infrastructure to driving SOC 2 audit readiness. You will be responsible for streamlining the customer questionnaire process for Fortune 1000 engagements while maintaining the robust vulnerability management lifecycle necessary to protect our hybrid AI platform. Responsibilities: - Run Cobalt's endpoint and cloud asset security stack across managed laptops, desktops, and cloud infrastructure - including EDR, vulnerability management, and continuous compliance monitoring tooling - Administer Cobalt's compliance automation platform as the system of record for controls and evidence - manage personnel records, reconcile against HRIS and identity provider data, and handle edge cases outside the primary HRIS - Own end-to-end onboarding and offboarding security across employees, contractors, and external partners - verify new hires complete security gating before access is provisioned, apply the right requirements for each personnel tier, and close out access promptly when people leave - Triage alerts from EDR, SIEM, and the vulnerability scanner; recommend patches, file risk acceptances, and gather evidence to close out remediations - Co-own Cobalt's SOC 2 program - coordinate with auditors, gather evidence from internal teams, and run control testing (SSO, IAM, change management, access reviews) ahead of fieldwork - Maintain Cobalt's security policies (vulnerability management, logging and monitoring, incident response, access control), keep them current as the business evolves, and draft new policies when we identify gaps - Own the customer security questionnaire pipeline - partner with Sales, GTM, and product leads to turn around SIG, CAIQ, and bespoke vendor assessments quickly and accurately - Run vendor security reviews for new software and services Cobalt adopts, with clear turnaround expectations and a process the rest of the company can rely on - Triage suspected phishing reports and serve as incident manager when something happens - scope, contain, document, and run the postmortem - Own annual security awareness training rollout and tracking across the company - Partner with Engineering to secure the Cobalt Monitoring Intelligence platform at the edge and bring security perspective into design and code review - Support pen test engagements end-to-end: scoping, remediation tracking, and re-test follow-up Qualifications: - 5+ years in a security engineering, security analyst, or IT security role at a SaaS, cloud, or enterprise software company - Hands-on experience running endpoint security and compliance tooling - EDR, vulnerability management, and continuous compliance monitoring platforms - in a regulated environment - Strong working knowledge of SOC 2 Type II controls and direct experience supporting an audit cycle (evidence collection, control testing, auditor coordination) - Experience answering customer security questionnaires (SIG, CAIQ, or bespoke) with technical accuracy and customer-friendly framing - Proficiency with cloud security fundamentals - IAM, network controls, logging, and common attack surfaces - plus solid scripting in Python or Bash - BS in Computer Science, Information Security, or equivalent professional experience - Proven experience collaborating with cross-functional teams and promoting a culture of sharing security knowledge Salary Range: $160k - $190k (actual compensation will be determined based on experience, location, and other factors permitted by law)