Director, Security Engineering

About Pantheon

Pantheon WebOps Platform powers the open web running more than 300000 sites in the cloud for customers including Google Princeton Salesloft and Doctors Without Borders. Every day thousands of developers and marketers create iterate and scale WordPress and Drupal sites to reach billions of people globally. Pantheons multitenant container-based platform enables organizations to manage all of their websites from a single dashboard. Organizations including Clorox and the United Nations drive results through accelerated development and real-time publishing using Pantheons collaborative workflows.

The Role

Pantheon is looking for a Director to join our Security team. Were expanding an impressive and growing platform that powers hundreds of thousands of websites millions of containerized resources billions of monthly page views and development tools that professional website developers use.

As the Security Engineering Director you will play a pivotal role in ensuring the security of the Pantheon Platform safeguarding the thousands of websites hosted on Pantheon to create a safe and secure digital environment. This position holds paramount importance within the Security Organization as you will collaborate closely with leaders across our Product and Engineering Legal and Governance Risk and Compliance teams. By leading initiatives in application and platform security you will contribute directly to the reliability and resilience of our services fostering a robust security culture within our engineering teams. This role is not only about fortifying our defenses but also about championing innovation implementing best practices and staying ahead of emerging threats to uphold Pantheons commitment to excellence in digital security. This leader will ensure all application and platform security initiatives support and strengthen our ongoing compliance with standards like PCI-DSS Level 2 and SOC2 (Security Confidentiality and Reliability) directly impacting our trustworthiness with customers. Join us in this exciting opportunity to shape the future of secure web hosting and make a lasting impact on the digital experiences of our diverse user base.

What you Need to Succeed

• Manage a high-performing team of security engineers fostering a positive and collaborative environment
• Responsible for managing the security engineering budget and the selection deployment and operation of security tools (like SAST/DAST IAST Cloud Security Posture Management - CSPM)
• Collaborate with the Governance Risk and Compliance (GRC) team to translate regulatory requirements (like PCI-DSS and SOC2) into actionable engineering requirements and control implementation.
• Develop and implement the companys security vision and roadmap including a strong emphasis on Shift Left principles.
• Perform security reviews to identify security issues and risks and develop mitigation plans
• Advise and consult with internal customers on risk assessment threat modeling code review and vulnerability remediation
• Drive the adoption of secure coding practices across the engineering organization through training workshops and mentorship.
• In conjunction with Security Operations investigate respond and communicate security incidents promptly and effectively minimizing potential harm and ensuring swift resolution.
• Partner with other engineering teams to integrate security considerations into their product roadmaps design decisions and development processes.
• Identify and recruit talented security champions across various teams to serve as ambassadors and advocates for security best practices.
• Stay current with the latest security threats trends and technologies and actively explore innovative solutions for mitigating emerging risks.
• Develop and deliver security training and outreach to internal development teams
• Communicate effectively with stakeholders across all levels of the organization providing clear and concise updates on security posture and initiatives.

What you Bring to the Table

• 10 years of experience in information security or a related field.
• Excellent leadership skills and teamwork skills.
• Industry-leading security certification such as CISSP CISM or CSSLP.
• Deep experience with major cloud platforms (e.g. AWS GCP Azure) including Infrastructure as Code (IaC) security (e.g. Terraform CloudFormation)
• Significant experience and detailed technical knowledge in multiple areas: security engineering web encryption protocols and application security.
• Proven experience translating ISO 27001 or NIST 800-53 controls into practical engineering-focused security requirements.
• Detailed knowledge of application and platform security vulnerabilities and remediation techniques
• Proven experience leading and managing a team of security engineers.
• Good understanding of Shift Left and Security by Design.
• Extensive knowledge of web application security common vulnerabilities and relevant security tools.
• Experience with secure coding practices and software development lifecycle (SDLC) integration.
• Excellent communication collaboration and problem-solving skills.
• Ability to work independently and prioritize effectively in a fast-paced environment.
• Strong passion for security and a desire to create a secure and resilient technology ecosystem.
• Experience with Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) tools (e.g. Wiz) is a strong plus.

What We Offer

We have all the usual perks and benefits but what we can really offer you is a fantastic work environment powered by an amazing team.

• Industry competitive compensation and equity plan
• Flexible time off sick days and 13 paid holidays
• Comprehensive medical insurance including Health Dental and Vision
• Paid parental leave (plus fertility adoption and other family planning benefits)
• In-office workspace (San Francisco)
• Monthly allowance for wellness reading and access to LinkedIn Learning for continued development
• Events and activities both team-based and company-wide that inspire educate and cultivate

Pantheon is an equal-opportunity employer and we welcome applications from all backgrounds regardless of race color religion sex national origin ancestry age marital status sexual orientation gender identity veteran status disability or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need reasonable accommodation due to a disability for any part of the interview process please contact Pursuant to local and federal regulations Pantheon will consider qualified applicants with arrest and conviction records for employment.

The base salary range for this role is $195500$220000 USD. This position also offers a performance bonus dependent on company performance. Our salary ranges are determined by role level and location.

After an offer is made and accepted E-Verify will be used to confirm your identity and employment eligibility as required by the U.S. Department of Homeland Security.

Visa sponsorship is not available at this time.

To review the Employee and Applicants Privacy Policy clickhere.