Cybersecurity Advisor

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders' cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes.

Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats.

Position: Cybersecurity Advisor

We are seeking a highly skilled and business-focused Cybersecurity Advisor with a proven ability to deliver technical security assessments while engaging directly with Policyholders, partners, and internal teams. This role requires strong penetration testing expertise, excellent communication skills, and the ability to translate technical findings into actionable business outcomes.

You will play a pivotal role in reducing Policyholders' risk exposure, supporting Underwriting and Claims, and contributing to Cowbell's Resiliency Services. By combining technical depth with policyholder engagement, you will help align security execution with business objectives and drive measurable value for stakeholders.

Key Responsibilities

• Conducting penetration testing, assessing and exploiting security flaws, reporting findings, collaborating on remediation, and engaging with policyholders to reduce risk.
• Provide clear and detailed reports, including technical documentation and executive-level summaries.
• Collaborate with development, infrastructure, and security teams to recommend remediation strategies.
• Positively impact Cowbell's bottom line by working with Policyholders and partners to lower Policyholders' risk exposure.
• Actively support programs and assigned regions (e.g., Australia).
• Provide technical support to Underwriting by delivering risk insights during policy assessments.
• Engage directly with Policyholders through:
  • Risk Assessment calls
  • Subjectivity calls
  • Claims calls
  • Micro-Pen Testing (MPT) execution and deliveries
  • Webinars and educational sessions
  • Risk report creation, delivery, and introductions
  • Platform introductions and walkthroughs, as needed
  • Responding to general security inquiries
• Document and maintain historical calls and questionnaires within the Cowbell Platform.
• Support Cowbell's Resiliency Services by delivering advisory and security services that enhance Policyholder resilience.
  
  

Stakeholder Engagement

• Act as the primary liaison with Policyholders, Underwriting, and Claims teams to ensure security assessments align with business needs.
• Translate complex technical findings into actionable risk insights that support underwriting decisions and resiliency outcomes.
• Communicate status, key risks, and remediation dependencies clearly to Policyholders and cross-functional teams.
• Cooperate with internal Product, Security, and Resiliency Services teams to ensure Cowbell's platform and reports deliver measurable value to stakeholders.

Team Coordination

• Cooperate with cross-functional teams including Underwriting, Claims, Engineering, and Resiliency Services
• Foster a culture of knowledge-sharing, accountability, and continuous learning within the security assessment team.
• Coordinate the execution and delivery of Micro-Penetration Testing (MPTs), risk assessments, and policyholder-facing reports to ensure timely and accurate delivery.

Process & Delivery Excellence

• Champion penetration testing and security assessment best practices to ensure consistency, accuracy, and measurable risk reduction for Policyholders.
• Leverage data-driven insights to optimize assessment processes and improve overall delivery quality.

Qualifications

• Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• 4+ years of experience in penetration testing, ethical hacking, or offensive security.

Technical Skills

• Operating Systems & Networking: Proficient in Windows, Linux, and macOS; strong grasp of TCP/IP, DNS, HTTP/S, VPNs, routing, and common network protocols.
• Penetration Testing Tools: Expertise with Metasploit, Burp Suite, Wireshark, Nessus, Nmap, Netcat, Nuclei, Nikto, and WPScan.
• Application & Web Security: Deep understanding of OWASP Top 10 and application vulnerabilities (SQLi, XSS, CSRF, RCE, IDOR); experienced in testing APIs, web applications, and cloud platforms.
• Scripting & Programming: Proficient in Python, Bash, PowerShell, Ruby, or Perl for custom script and exploit development.
• Security Frameworks & Standards: Familiar with MITRE ATT&CK, PTES, NIST, CVSS; knowledge of ISO 27001, PCI DSS, HIPAA, GDPR.
• Cloud & Infrastructure Security: Experience with AWS, Azure, GCP security testing and container security.
• Additional Skills: Active Directory assessments, high-quality technical and executive reporting.
• Risk Assessment & Reporting: Ability to perform technical risk assessments, translate findings into actionable reports, and apply risk rating methodologies (CVSS, OWASP Risk Rating, FAIR).
• Policyholder Engagement: Skilled in leading security calls (risk assessments, subjectivity calls, claims support) and simplifying technical vulnerabilities for non-technical audiences.
• Soft Technical Competencies: Strong communication and presentation skills; connects technical findings to business outcomes; supports global regions and their regulatory/security needs.

Soft Skills

• Problem-solving abilities with a keen attention to detail.
• Capable of working both independently and within a team setting.
• Strong communication and cooperation skills.
• Ability to work across cultural, organizational and linguistic barriers.
• Flexibility to adapt to new technologies and a commitment to continuous learning.

Domain Experience

• Extensive experience in Cybersecurity engineering.
• Extensive experience in penetration testing, vulnerability management, and offensive security across web, network, and cloud environments.
• Proven ability to engage directly with Policyholders to assess risk, validate controls, and deliver actionable security insights that reduce exposure.
• Familiarity with regulatory and compliance frameworks relevant to cyber insurance and resilience (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
• Good to have work experience in Insurance.

Equal Employment Opportunity:

We are committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability, or veteran status.

Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE—Transparency, Resiliency, Urgency, and Empowerment—we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk.

At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards.

We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.

Cowbell is an E-Verify employer. E-Verify is a web-based system that allows an employer to determine an employee's eligibility to work in the US using information reported on an employee's Form I-9. The E-Verify system confirms eligibility with both the Social Security Administration (SSA) and Department of Homeland Security (DHS). For more information, please go to the USCIS E-Verify website.

For more information, please visit

Cowbell Cyber does not permit the use of AI tools during any stage of our interview process. By submitting your application, you agree to complete all assessments and interviews without the use of generative AI assistance.