Enabling more productive conversations through behavioral science & technology
Cogito is looking to add an information security engineer to its dynamic and growing information security department, which is responsible for managing the organization’s security risk through technology, process, and awareness. This individual contributor role will report to the information security manager and assist in the implementation and operation of Cogito’s information security program. The individual will work on the security of both Cogito’s organization and its SaaS-based product. This is a technical role that will require a thirst for learning and execution.
- Perform vulnerability scanning against systems in all stages of the SDLC.
- Develop and tune SIEM alerts and configuration change alerts to proactively minimize risk to Cogito.
- Review alerts and findings from SIEM, IDS, scanners, and AWS security tools.
- Document and track risks, vulnerabilities, requirements, and exceptions, as well as the progress of their associated work streams.
- Collaborate with engineering, product management, IT, and cloud operations teams on prioritization and implementation of remediations and mitigations, execution of information security initiatives, and consultation on security topics.
- Maintain dashboards and metrics to track the security posture of Cogito.
- Implement, manage, and automate infrastructure and services used for security tooling.
- Keep current with new technologies and threats in order to better inform Information Security processes and initiatives.
- Manage access grants, revocations, and permissions across Cogito’s infrastructure.
- Assist with responses to technical questions from customers, auditors, and internal stakeholders.
- Support information security initiatives to maintain compliance with the HITRUST, PCI-DSS, and SOC 2 frameworks.
- Develop Information Security procedures and data flow diagrams.
- At least 1 year of experience in performing information security functions
- Knowledge of fundamental security topics, including cloud security, identity and access management, encryption, and application security
- A passion for learning and staying current with the industry
- Experience with securing AWS and Linux environments, preferably in a regulated environment subject to HIPAA or PCI-DSS
- Experience working with Python, Terraform, Ansible, and Git
- Exposure to Docker and Kubernetes, preferably with experience using them for production workloads
- Experience with Rapid7 InsightVM, Sumo Logic, and Veracode
- Ability to develop documentation for systems, procedures, and security analyses
- Ability to communicate with both technical and non-technical individuals about risks, threats, vulnerabilities, mitigations, remediations, and controls
- An automation-first mindset
Your choice of comprehensive benefits for you and your family’s health, dental, vision, disability, and life insurance
401(k) retirement plan options
Company paid parental leave upon hire
Competitive pay, stock options, and annual bonus eligibility
20 days vacation time, 5 days sick time, 2 floating holidays and 11 company holidays (yes, Patriot’s Day is a holiday)
Frequent catered lunch and live product demos. Stocked groceries in the kitchen
Pre-tax commuter benefits
Ongoing professional development and cross-training
Casual dress and fun office atmosphere
Cogito at a glance
Cogito focuses on Healthcare, Financial Services, CRM, Machine Learning, and Artificial Intelligence. The company has offices in Boston and a mid-size team of between 51 and 200 employees. To date, Cogito has raised $92.5M in funding; its latest round closed in September 2019.