Senior Security Engineer

## About the Role The Senior Security Engineer at Cohere is a pivotal role that serves as a trusted advisor to the team's leadership and partner teams. The primary focus is on articulating business risks associated with security issues and leading security operation functions in CI/CD and cloud-native production environments. This role is critical in ensuring that security is integrated into every aspect of the application development lifecycle, from design to deployment. The successful candidate will be part of a team that values diversity, inclusivity, and innovation, working closely with product and development teams to drive the success of larger projects without compromising agility and speed.

As a Senior Security Engineer, you will be working in a dynamic environment where no two days are the same. One day, you might be leading vulnerability management efforts, and the next, you could be collaborating with the development team to integrate security into a new feature. Your expertise will be crucial in ensuring that the company's applications are built and deployed securely, without hindering the speed and agility that define the tech industry.

The role is based in Toronto but offers the flexibility of remote work, aligning with the modern professional's desire for work-life balance and flexibility. Cohere is committed to creating an inclusive work environment, celebrating diversity, and providing equal opportunities to all applicants.

## What You Will Do - Serve as a trusted advisor on security matters to the team's leadership and partner teams, providing clear articulation of business risks associated with security issues.

• Lead security operation functions including vulnerability management, SAST, DAST, detection engineering, and incident response in CI/CD and cloud-native production environments.
• Integrate security into applications throughout the software development lifecycle to ensure secure development practices.
• Collaborate with product and development teams to ensure that software is built and deployed securely without compromising agility and speed.
• Drive and support the bug bounty program, application security reviews, and threat modeling, including code review and dynamic testing.
• Assess and integrate security tools to automate and scale security processes, evaluating open-source vs. vendor solutions.
• Gather and analyze security metrics to address security issues with cross-team dependencies.
• Employ a flexible and constructive approach to building innovative solutions, considering the needs of both technical and non-technical stakeholders.
• Make informed decisions with sometimes limited data, using a combination of technical expertise and business acumen.
• Be a problem solver who is empathetic to developer concerns, driving the success of larger projects through secure coding practices.

## What We Are Looking For - 5+ years of previous experience in Application/Product Security or Security Operations, with a strong focus on security tool onboarding and optimization.

• Understanding of vulnerability management, network security, cloud security concepts, and industry best practices across many fields of security.
• Ability to work with ambiguity and make informed decisions with limited data.
• Flexible and constructive approach to solving problems, with the ability to make trade-offs between build vs. buy decisions.
• Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls.
• Experience with secure engineering best practices and the ability to articulate problem statements and propose solutions to both technical and non-technical audiences.
• Familiarity with automating controls and a keen interest in innovating security processes.
• Strong communication skills, with the ability to present complex security concepts in a clear, concise manner.

## Nice to Have - Experience with cloud security platforms such as AWS or Azure.

• Knowledge of containerization technologies like Docker and Kubernetes.
• Familiarity with security orchestration, automation, and response (SOAR) solutions.
• Participation in bug bounty programs or experience with vulnerability disclosure processes.

## Benefits and Perks - An open and inclusive culture and work environment that values diversity and promotes equal opportunities.

• The opportunity to work closely with a team on the cutting edge of AI research, contributing to the development of innovative technologies.
• Weekly lunch stipend, in-office lunches, and snacks to support your well-being and work-life balance.
• Full health and dental benefits, including a separate budget for mental health support, ensuring you and your family are cared for.
• 100% Parental Leave top-up for up to 6 months, supporting you during significant life events.
• Personal enrichment benefits towards arts and culture, fitness, and wellness, recognizing the importance of personal growth and development.
• Flexible remote work arrangements, allowing you to work from anywhere and maintain a healthy work-life balance.

- Highlight transferable skills: Even if you don't have exact experience in application security, highlighting any transferable skills such as network security or compliance experience can make your application more competitive.

• Build a personal project: Demonstrating your skills through personal projects, such as contributing to open-source security tools or creating your own security-related project, can significantly enhance your application.
• Prepare for behavioral questions: Be ready to provide specific examples of how you've handled security incidents or integrated security into development lifecycles in the past.
• Stay updated on industry trends: Show your passion for security by discussing current trends, recent vulnerabilities, and how you stay informed about the latest security best practices.
• Emphasize soft skills: Given the collaborative nature of the role, emphasizing your ability to work with cross-functional teams, communicate complex security concepts, and empathize with developer concerns can be just as important as technical skills.
• Negotiate based on research: Use online resources to research the market rate for your position and negotiate your salary package accordingly, considering all benefits and perks offered by the company.