Software Engineer, Security

About the Role

The day-to-day responsibilities of this role will involve working on software development, secure coding, and authentication and data protection. You will be responsible for implementing authentication mechanisms, including user login, token management, and authorization checks, to maintain data integrity. Your work will have a significant impact on the company's customers, who rely on the security features you develop.

Cohere is a team of researchers, engineers, designers, and more, who are passionate about their craft. Each person is one of the best in the world at what they do, and the company values diversity and inclusivity. As a Software Engineer with a security focus, you will be part of a team that is committed to creating a secure and innovative AI system.

What You Will Do

• Contribute to the core development of security features such as OIDC/OAuth flows and session management
• Write secure code to handle OIDC tokens, user claims, and sensitive data, adhering to best practices for JWT validation and encryption
• Implement authentication mechanisms, including user login, token management, and authorization checks, to maintain data integrity
• Integrate new tools to enhance the security capabilities of the AI system
• Design and implement secret management within Kubernetes clusters, including encryption and RBAC
• Collaborate with stakeholders to communicate security best practices and concepts
• Work on DevSecOps, ensuring the security of the AI system throughout the development process
• Participate in code reviews and contribute to the improvement of the codebase
• Stay up-to-date with the latest security best practices and technologies

What We Are Looking For

• 5+ years of experience building user-facing security features in production systems
• Expertise in Python and confidence in shipping production code
• Deep understanding of OIDC/OAuth 2.0, JWT validation, and token lifecycle management
• Hands-on experience with Kubernetes in both development and production environments
• Experience working with cloud deployments, including GCP, AWS, Azure, or hybrid/multi-cloud
• Strong communication skills, with the ability to explain security concepts to non-security engineers and stakeholders
• Ability to thrive in fast-moving environments where priorities evolve
• Experience working with AI/ML systems or LLM-based applications

Nice to Have

• Experience with DevSecOps tools and practices
• Knowledge of security frameworks and compliance standards
• Familiarity with containerization and orchestration tools

Benefits and Perks

• Opportunity to work on cutting-edge AI technology
• Collaborative and dynamic work environment
• Flexible work arrangements, including remote work options
• Professional development opportunities, including training and conference attendance
• Access to the latest tools and technologies
• Competitive compensation package
• Comprehensive health and dental benefits
• Parental leave top-up and mental health support
• Personal enrichment benefits, including arts and culture, fitness, and workspace improvement

• Make sure to highlight your experience with secure coding practices and security protocols in your application.
• Showcase your ability to communicate complex security concepts to non-technical stakeholders.
• Be prepared to discuss your experience with Kubernetes and cloud security during the interview process.
• Familiarize yourself with Cohere's mission and values, and be ready to explain how your skills and experience align with them.
• Consider including examples of your own security-related projects or contributions to open-source repositories in your portfolio.
• Don't be afraid to ask about the company culture and team dynamics during the interview, to ensure you're a good fit for the role.