Staff Security Engineer

Full Time
Vancouver, BC, Canada
8 months ago

About Pantheon

Pantheon is the WebOps platform for websites that deliver extraordinary results. We believe in putting the magic of the internet in everyone’s hands. That’s why we’re so passionate about helping developers, IT and marketing develop, test, and release website changes faster and more reliably so they can build and maintain websites that create value for their organizations. Our cloud native software makes it easy to securely manage a single website or thousands of websites across multiple teams in one platform.

Pantheon’s core company values are Trust, Teamwork, Passion, and Customers First. At Pantheon, we work hard and play harder, valuing individuality, humor, and balance. We're enthusiastic participants in several open-source communities and have real relationships with many of our most active customers. If all of this sounds interesting to you, read on!

The Role 

Pantheon’s Application Security team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Application Security team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments. 

We are seeking a passionate, driven, and experienced application security engineer to join our growing team. As a Staff Application Security Engineer, you will help our engineering teams design and build applications that are secure and perform well by mitigating security issues. You will help mentor, coach and support all team members in security engineering across the organization as a subject matter expert. You will fill a key role in helping define, organizing and implementing application security policy, process, standards, guidelines and their implementation.  

What You Need to Succeed  

  • Software Composition Analysis: Composition of software, dependencies, BOM and supply chain security.
  • Static Application Security Testing (SAST): With SAST, we delve into the application's source code, examining it meticulously for vulnerabilities and weaknesses.
  • Dynamic Application Security Testing (DAST): Our DAST capability involves the thorough security assessment of running applications.
  • Threat Modeling: Threat modeling is the cornerstone of our proactive security strategy, and a key principle in Secure by Design.
  • Secure Code and Architecture Design Review: Our secure code review capability combines both manual expertise and automated analysis with various custom and vendor based tools. Architecture and Design reviews involve threat modeling, technology and risk based assessment. 

You will 

  • Define process, guidelines and practices to ensure secure software development, collaborating with the team members and cross organizational stakeholders.
  • Automate application security testing and controls.
  • Conduct platform services testing to identify application security issues, adhering to industry standards like OWASP Web Security Testing Guide.
  • Partner with engineering teams and product managers to prioritize and address vulnerabilities in Pantheon's Platform.
  • Engage in both internal and external (vendor) penetration testing
  • Develop, Deploy, and Manage technical application security controls to meet regulatory and compliance requirements.
  • Participate in audit processes to ensure regulatory and compliance needs.
  • Contribute to the governance of platform security and fostering innovation within Pantheon’s Platform.

What You Bring To The Table  

  • Bachelors of Computer Science or a related field, or equivalent experience.
  • 10+ years overall experience in Security, Software and Platforms, with 5+ years dedicated to Application Security.
  • Experience in Cloud environments.
  • Experience in Secure by Design development practices, including providing guidance on Secure Architecture and System Design.
  • Familiarity with SDLC and SDL methodologies.
  • Ability to build or select application security tools and implement CI/CD pipelines.
  • Strong communication skills for collaborating with engineering teams on complex application security issues.

Bonus

  • Experience with Security Infrastructure, Kubernetes Security, and Penetration Testing 

What We Offer

We have all the usual perks and benefits but what we can really offer you is a fantastic work environment powered by an amazing team.

  • Industry competitive compensation and equity plan
  • Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
  • Full medical coverage (Extended health care, dental, vision)
  • Top-of-line equipment
  • Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
  • Events and activities both team-based and company wide that inspire, educate and cultivate

Pantheon is an equal opportunity action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact talent@pantheon.io. Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.

To review the Employee and Applicant's Privacy Policy, click  here.  

Visa Sponsorship is not available at this time.

#LI-PG1