About Pantheon
Pantheon WebOps Platform powers the open web, running more than 300,000 sites in the cloud for customers including Google, Princeton, Salesloft and Doctors Without Borders. Every day, thousands of developers and marketers create, iterate and scale WordPress and Drupal sites to reach billions of people globally. Pantheon's multitenant, container-based platform enables organizations to manage all of their websites from a single dashboard. Organizations including Clorox and the United Nations drive results through accelerated development and real-time publishing using Pantheon's collaborative workflows.
The Role
Pantheon's Security Engineering team is responsible for safeguarding, auditing and testing the security of Pantheon's entire platform. Our Security Engineering team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud-native environments.
We are seeking a passionate, driven and experienced application security engineer to join our growing team. The Staff Security Engineer is a key strategic and technical role within the Application Security team.
Our mission is to safeguard, audit and test the security of the entire cloud hosting platform in these core areas:
- Security by Design: Implement Security by Design within agile software development and cloud-native environments.
- Support and Mentorship: Act as a Subject Matter Expert (SME), mentoring, coaching and supporting all security engineering efforts across the organization.
- Standard Setting: Define, organize and implement application security policy, processes, standards and guidelines.
- Application Security Performance: Help engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner.
What You Will Do
- Policy Definition: Define, document and champion processes and practices for a secure Software Development Life Cycle (SDLC).
- Security Culture: Be a driving force in establishing a strong security culture within platform engineering teams.
- Proactive Security: Lead Threat Modeling as a core principle of the Secure by Design strategy.
- Secure Design Reviews: Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
- Automation: Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
- Tooling: Responsible for the deployment, operation and tuning of security tools (SAST, DAST, IAST and CSPM), with a focus on platforms like CodeQL and .
- Vulnerability Management: Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
- Supply Chain & Testing: Manage tools for Software Composition Analysis (SCA) to ensure supply chain security. Coordinate internal and external Penetration Testing activities with the Security Operations team.
What You Need to Succeed
- Problem-Solving: Ability to bring standardization to inconsistent internal practices and transition to industry best practices.
- Communication: Strong communication skills, essential for partnering with engineering teams.
- Commitment: Demonstrated commitment to teamwork, professionalism and authenticity, fostering trust and accountability.
- Grit: Understanding that establishing security best practices is a marathon, requiring persistence across many stakeholders.
What You Bring to the Table
- Overall Experience: Minimum of 10 years of overall experience, with at least 5 years dedicated to Application Security.
- Development Practices: Deep hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
- Cloud Proficiency: Extensive experience securing production systems in cloud environments (e.g. AWS, Azure, GCP).
- Coding Proficiency: Ability to build maintainable components in Go or Python.
- CI/CD Fundamentals: Hands-on experience with Jenkins, cloud pipelines or CircleCI (bonus points for experience with reusable workflows).
- Cloud & Infrastructure: Experience working with containerization (e.g. Docker, OCI), Terraform and Kubernetes (K8s).
- Tooling: Proven ability to build, select and implement application security tools and integrate them into CI/CD pipelines.
- Education: Bachelor's degree in Computer Science or equivalent practical experience.
What We Offer
We have all the usual perks and benefits, but what we can really offer you is a fantastic work environment powered by an amazing team.
- Industry-competitive compensation and equity plan
- Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
- Full medical coverage (extended health care, dental, vision)
- Top-of-the-line equipment
- In-office workspace (Vancouver, BC, Canada)
- Monthly allowance for wellness and reading, and access to LinkedIn Learning for continued development
- Events and activities, both team-based and company-wide, that inspire, educate and cultivate
Pantheon is an equal opportunity employer, and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.
Visa Sponsorship is not available at this time.
To review the Employee and Applicants Privacy Policy click here.
The Canadian base salary range for this position is 176,000 to 220,000 CAD per year. Our salary ranges are determined by role, level and location. At Pantheon, it is not typical for an individual to be hired at or near the top of the range for their role, and compensation decisions are dependent on the facts and circumstances of each case.