WHITE PAPER
Secure the agentic shift and bridge the AI readiness gap with the Responsible AI Imperative white paper
Case Study

Quinyx earned SOC2 certification and improved remediation time with Cobalt


The Challenge

As a leading provider of workforce management solutions, Quinyx handles sensitive customer data. The company required a security program that was both rigorous and auditable. Prior to partnering with Cobalt, their pentesting program lacked the necessary structure and objective perspective required for scale and compliance.

Quinyx’s in-house security efforts, which primarily focused on detecting and fixing vulnerabilities found in the OWASP Top 10 lists, were lacking the external validation needed to comprehensively assess their security maturity. Engineering Director Pierre Lemerle stated, “When we conducted tests ourselves, they were always full of our own biases, which could lead to missing important issues.” Furthermore, Quinyx’s previous experiences with pentest providers were unsuccessful and eventually discontinued due to a lack of valuable findings. As Quinyx pursued SOC2 compliance, the team recognized the need for a repeatable, scalable, and auditable approach to pentesting.

 

The Solution

Pierre led the search for a modern pentesting program and successfully advocated for working with Cobalt. As he explained, “I had worked with Cobalt previously at my former organization, and the collaboration was very successful. It was a no-brainer for me to work with them again.” Cobalt was chosen specifically to provide the structured, auditable program Quinyx needed to achieve SOC2 compliance.

The core of the Cobalt solution was its seamless, developer-centric communication and actionable insights. Pierre noted, “By integrating Cobalt’s security experts directly into our Slack channels, the experience is very user-friendly and highly collaborative. It’s like having an extension of our own team with elite, specialized skills.” This direct collaboration, combined with the Cobalt Offensive Security Platform’s features, drastically reduced security friction. Real-time findings and centralized reporting shortened the lag between discovery and remediation. Cobalt also provided valuable, personalized advice based on Quinyx’s specific systems, enabling engineers to learn and continually improve their security practices.

 

The Outcome

The partnership with Cobalt helped Quinyx meet its compliance and efficiency goals. The external, unbiased assessments were instrumental in validating the company’s security controls and successfully achieving SOC2 certification in 2025.

The streamlined process and real-time collaboration significantly improved Quinyx’s mean time to resolve (MTTR) vulnerabilities. Quinyx began consistently closing all medium findings within one month and all low findings within three months. This efficiency gain led to critical security improvements across their platform. For instance, platform engineers completely rebuilt, simplified, and reinforced the login system based on pentest findings. The detailed and insightful pentests also helped improve the security and testing of their APIs.

By providing trustworthy, expert assessments, Cobalt helped Quinyx validate the security of sensitive customer data. Pierre concluded, “Cobalt isn’t just a vendor; it’s a flexible, modern pentesting partner that integrates directly into our engineering workflows, allowing us to continuously validate security as we deliver new features.”

 


“I had worked with Cobalt previously at my former organization, and the collaboration was very successful. It was a no-brainer for me to work with them again.”

PIERRE LEMERLE,

ENGINEERING DIRECTOR,

QUINYX