Security Engineer

Vancouver, BC, Canada

Pantheon

Pantheon.io is the website platform built for WordPress and Drupal. We deliver your business needs to build, host, and manage with digital speed and agility.

View company page

The Role 

Pantheon’s Application Security team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Application Security team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments. 

We are seeking a passionate, driven, and experienced application security engineer to join our growing team. As a Staff Application Security Engineer, you will help our engineering teams design and build applications that are secure and perform well by mitigating security issues. You will help mentor, coach and support all team members in security engineering across the organization as a subject matter expert. You will fill a key role in helping define, organizing and implementing application security policy, process, standards, guidelines and their implementation.  

What You Need to Succeed  

  • Software Composition Analysis: Composition of software, dependencies, BOM and supply chain security. 
  • Static Application Security Testing (SAST): With SAST, we delve into the application's source code, examining it meticulously for vulnerabilities and weaknesses. 
  • Dynamic Application Security Testing (DAST): Our DAST capability involves the thorough security assessment of running applications.
  • Threat Modeling: Threat modeling is the cornerstone of our proactive security strategy, and a key principle in Secure by Design.
  • Secure Code and Architecture Design Review: Our secure code review capability combines both manual expertise and automated analysis with various custom and vendor based tools. Architecture and Design reviews involve threat modeling, technology and risk based assessment. 

 

  • Define process, guidelines and practices to ensure secure software development, collaborating with the team members and cross organizational stakeholders.
  • Automate application security testing and controls.
  • Conduct platform services testing to identify application security issues, adhering to industry standards like OWASP Web Security Testing Guide.
  • Partner with engineering teams and product managers to prioritize and address vulnerabilities in Pantheon's Platform.
  • Engage in both internal and external (vendor) penetration testing
  • Develop, Deploy, and Manage technical application security controls to meet regulatory and compliance requirements.
  • Participate in audit processes to ensure regulatory and compliance needs.
  • Contribute to the governance of platform security and fostering innovation within Pantheon’s Platform.

What You Bring To The Table  

  • Bachelors of Computer Science or a related field, or equivalent experience.
  • 3-5 years overall experience in Security, Software Development and Platforms 
  • Experience in Cloud environments.
  • Experience in Secure by Design development practices, including providing guidance on Secure Architecture and System Design.
  • Familiarity with SDLC and SDL methodologies.
  • Ability to build or select application security tools and implement CI/CD pipelines.
  • Strong communication skills for collaborating with engineering teams on complex application security issues.

Bonus

  • Experience with Security Infrastructure, Kubernetes Security, and Penetration Testing 

What We Offer

We have all the usual perks and benefits but what we can really offer you is a fantastic work environment powered by an amazing team.

  • Industry competitive compensation and equity plan
  • Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
  • Full medical coverage (Extended health care, dental, vision)
  • Top-of-line equipment
  • Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
  • Events and activities both team-based and company wide that inspire, educate and cultivate

Pantheon is an equal opportunity action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact talent@pantheon.io. Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.

To review the Employee and Applicant's Privacy Policy, click  here.  

Visa Sponsorship is not available at this time.

The Canadian base salary range for this position is between 80,000 - 100,000 CAD per year. Our salary ranges are determined by role, level, and location. At Pantheon, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.

#LI-PY1

Apply now Apply later
  • Share this job via
  • or
Job stats:  10  2  0

Tags: Agile Application security Audits CI/CD Cloud Compliance Computer Science DAST Governance Kubernetes OWASP Pentesting Privacy SAST SDLC Security assessment Security strategy Strategy Vulnerabilities

Perks/benefits: Career development Competitive pay Equity / stock options Health care Medical leave Salary bonus Team events Wellness

Region: North America
Country: Canada

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.