[Remote] Manager, Security Engineering

Note: The job is a remote job and is open to candidates in USA. Cohere is a company focused on scaling intelligence to serve humanity through the deployment of AI systems. The Manager of Security Engineering will be responsible for leading the security team, managing vulnerability processes, and ensuring compliance with security standards while collaborating with leadership on strategic initiatives.

Responsibilities

• Serve as trusted advisor to team’s leadership and partner teams by clearly articulating business risks associated with security issues
• Execute the long-term vision for the Security team in alignment with Cohere’s product and business goals
• Collaborate closely with leadership to prioritize high-impact initiatives and strategic customer engagements
• Vulnerability Management: Develop and implement enterprise-wide vulnerability management processes and tooling, including identification, prioritization, remediation tracking, and reporting, including customer artifacts
• Static Application Security Testing (SAST): Establish SAST programs, integrate tools into CI/CD pipelines, and analyze results to identify and remediate security flaws in source code
• Dynamic Application Security Testing (DAST): Implement DAST methodologies, configure scanning tools, and conduct regular assessments of running applications
• Penetration Testing: Lead and oversee internal and external penetration testing engagements, including web application, API, network and agentic AI platform including managing our bug bounty program
• Security Architecture Review: Collaborate with development teams to review and validate security architecture and design patterns
• Secure SDLC Integration: Embed security practices throughout the software development lifecycle, working closely with engineering and product teams
• Team Leadership: Lead and grow a high-performing team of Security engineers through hiring, coaching, and mentorship
• Metrics and Reporting: Establish key security metrics, generate regular reports for leadership, and communicate security posture to stakeholders
• Compliance and Standards: Ensure application security practices align with industry standards (OWASP Top10 for LLMs, ISO 27001) and regulatory requirements

Skills

• 8+ years of previous experience in Application Security / Security Engineering with a strong focus on vulnerability management, SDLC and bug bounty programs
• Proven experience with SAST, DAST, and penetration testing methodologies and tools
• Proficiency with programming languages (Python, GoLang, etc.) and web technologies
• Experience with cloud platforms (AWS, GCP, Azure) and container security
• Excellent communication and interpersonal skills with ability to influence technical and non-technical stakeholders
• Experience building and managing high-performing security teams
• Comfortable with ambiguity and able to make informed decisions with little data
• Employ a flexible and constructive approach when solving problems
• Able to make trade-offs between build vs. buy decisions—help build solutions and be able to review what tools are available
• Understand secure engineering best practices, can articulate problem statements, and propose solutions to both technically savvy and non-technical audiences
• Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls

Benefits

• An open and inclusive culture and work environment
• Work closely with a team on the cutting edge of AI research
• Weekly lunch stipend, in-office lunches & snacks
• Full health and dental benefits, including a separate budget to take care of your mental health
• 100% Parental Leave top-up for up to 6 months
• Personal enrichment benefits towards arts and culture, fitness and well-being, quality time, and workspace improvement
• Remote-flexible, offices in Toronto, New York, San Francisco, London and Paris, as well as a co-working stipend
• 6 weeks of vacation (30 working days!)

Company Overview

Company H1B Sponsorship