Position: Cybersecurity Advisor

We are seeking a highly skilled and business-focused Cybersecurity Advisor with a proven ability to deliver technical security assessments while engaging directly with Policyholders, partners, and internal teams. This role requires strong penetration testing expertise, excellent communication skills, and the ability to translate technical findings into actionable business outcomes.

You will play a pivotal role in reducing Policyholders’ risk exposure, supporting Underwriting and Claims, and contributing to Cowbell’s Resiliency Services. By combining technical depth with policyholder engagement, you will help align security execution with business objectives and drive measurable value for stakeholders.

Key Responsibilities

• Conducting penetration testing, assessing and exploiting security flaws, reporting findings, collaborating on remediation, and engaging with policyholders to reduce risk.
• Provide clear and detailed reports, including technical documentation and executive-level summaries.
• Collaborate with development, infrastructure, and security teams to recommend remediation strategies.
• Positively impact Cowbell’s bottom line by working with Policyholders and partners to lower Policyholders’ risk exposure.
• Actively support programs and assigned regions (e.g., Australia).
• Provide technical support to Underwriting by delivering risk insights during policy assessments.
• Engage directly with Policyholders through:
• Risk Assessment calls
• Subjectivity calls
• Claims calls
• Micro-Pen Testing (MPT) execution and deliveries
• Webinars and educational sessions
• Risk report creation, delivery, and introductions
• Platform introductions and walkthroughs, as needed
• Responding to general security inquiries
• Document and maintain historical calls and questionnaires within the Cowbell Platform.
• Support Cowbell’s Resiliency Services by delivering advisory and security services that enhance Policyholder resilience.
  
  

Stakeholder Engagement

• Act as the primary liaison with Policyholders, Underwriting, and Claims teams to ensure security assessments align with business needs.
• Translate complex technical findings into actionable risk insights that support underwriting decisions and resiliency outcomes.
• Communicate status, key risks, and remediation dependencies clearly to Policyholders and cross-functional teams.
• Cooperate with internal Product, Security, and Resiliency Services teams to ensure Cowbell’s platform and reports deliver measurable value to stakeholders.

Team Coordination

• Cooperate with cross-functional teams including Underwriting, Claims, Engineering, and Resiliency Services
• Foster a culture of knowledge-sharing, accountability, and continuous learning within the security assessment team.
• Coordinate the execution and delivery of Multi-Point Testing (MPTs), risk assessments, and policyholder-facing reports to ensure timely and accurate delivery.

Process & Delivery Excellence

• Champion penetration testing and security assessment best practices to ensure consistency, accuracy, and measurable risk reduction for Policyholders.
• Leverage data-driven insights to optimize assessment processes and improve overall delivery quality.

Qualifications

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• 4+ years of experience in penetration testing, ethical hacking, or offensive security.

Technical Skills

• Operating Systems & Networking: Proficient in Windows, Linux, and macOS; strong grasp of TCP/IP, DNS, HTTP/S, VPNs, routing, and common network protocols.
• Penetration Testing Tools: Expertise with Metasploit, Burp Suite, Wireshark, Nessus, Nmap, Netcat, Nuclei, Nikto, and WPScan.
• Application & Web Security: Deep understanding of OWASP Top 10 and application vulnerabilities (SQLi, XSS, CSRF, RCE, IDOR); experienced in testing APIs, web applications, and cloud platforms.
• Scripting & Programming: Proficient in Python, Bash, PowerShell, Ruby, or Perl for custom script and exploit development.
• Security Frameworks & Standards: Familiar with MITRE ATT&CK, PTES, NIST, CVSS; knowledge of ISO 27001, PCI DSS, HIPAA, GDPR.
• Cloud & Infrastructure Security: Experience with AWS, Azure, GCP security testing and container security.
• Additional Skills: Active Directory assessments, high-quality technical and executive reporting.
• Risk Assessment & Reporting: Ability to perform technical risk assessments, translate findings into actionable reports, and apply risk rating methodologies (CVSS, OWASP Risk Rating, FAIR).
• Policyholder Engagement: Skilled in leading security calls (risk assessments, subjectivity calls, claims support) and simplifying technical vulnerabilities for non-technical audiences.
• Soft Technical Competencies: Strong communication and presentation skills; connects technical findings to business outcomes; supports global regions and their regulatory/security needs.

Soft Skills

• Problem-solving abilities with a keen attention to detail.
• Capable of working both independently and within a team setting.
• Strong communication and cooperation skills.
• Ability to work across cultural, organizational and linguistic barriers.
• Flexibility to adapt to new technologies and a commitment to continuous learning.

Domain Experience

• Extensive experience in Cybersecurity engineering.
• Extensive experience in penetration testing, vulnerability management, and offensive security across web, network, and cloud environments.
• Proven ability to engage directly with Policyholders to assess risk, validate controls, and deliver actionable security insights that reduce exposure.
• Familiarity with regulatory and compliance frameworks relevant to cyber insurance and resilience (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
• Good to have work experience in Insurance.