Security Engineer
Vancouver, BC, Canada
Applications have closed
Pantheon
Pantheon.io is the website platform built for WordPress and Drupal. We deliver your business needs to build, host, and manage with digital speed and agility.The Role
Pantheon’s Application Security team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Application Security team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments.
We are seeking a passionate, driven, and experienced application security engineer to join our growing team. As a Staff Application Security Engineer, you will help our engineering teams design and build applications that are secure and perform well by mitigating security issues. You will help mentor, coach and support all team members in security engineering across the organization as a subject matter expert. You will fill a key role in helping define, organizing and implementing application security policy, process, standards, guidelines and their implementation.
What You Need to Succeed
- Software Composition Analysis: Composition of software, dependencies, BOM and supply chain security.
- Static Application Security Testing (SAST): With SAST, we delve into the application's source code, examining it meticulously for vulnerabilities and weaknesses.
- Dynamic Application Security Testing (DAST): Our DAST capability involves the thorough security assessment of running applications.
- Threat Modeling: Threat modeling is the cornerstone of our proactive security strategy, and a key principle in Secure by Design.
- Secure Code and Architecture Design Review: Our secure code review capability combines both manual expertise and automated analysis with various custom and vendor based tools. Architecture and Design reviews involve threat modeling, technology and risk based assessment.
- Define process, guidelines and practices to ensure secure software development, collaborating with the team members and cross organizational stakeholders.
- Automate application security testing and controls.
- Conduct platform services testing to identify application security issues, adhering to industry standards like OWASP Web Security Testing Guide.
- Partner with engineering teams and product managers to prioritize and address vulnerabilities in Pantheon's Platform.
- Engage in both internal and external (vendor) penetration testing
- Develop, Deploy, and Manage technical application security controls to meet regulatory and compliance requirements.
- Participate in audit processes to ensure regulatory and compliance needs.
- Contribute to the governance of platform security and fostering innovation within Pantheon’s Platform.
What You Bring To The Table
- Bachelors of Computer Science or a related field, or equivalent experience.
- 3-5 years overall experience in Security, Software Development and Platforms
- Experience in Cloud environments.
- Experience in Secure by Design development practices, including providing guidance on Secure Architecture and System Design.
- Familiarity with SDLC and SDL methodologies.
- Ability to build or select application security tools and implement CI/CD pipelines.
- Strong communication skills for collaborating with engineering teams on complex application security issues.
Bonus
- Experience with Security Infrastructure, Kubernetes Security, and Penetration Testing
What We Offer
We have all the usual perks and benefits but what we can really offer you is a fantastic work environment powered by an amazing team.
- Industry competitive compensation and equity plan
- Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
- Full medical coverage (Extended health care, dental, vision)
- Top-of-line equipment
- Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
- Events and activities both team-based and company wide that inspire, educate and cultivate
Pantheon is an equal opportunity action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact talent@pantheon.io. Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.
To review the Employee and Applicant's Privacy Policy, click here.
Visa Sponsorship is not available at this time.
The Canadian base salary range for this position is between 80,000 - 100,000 CAD per year. Our salary ranges are determined by role, level, and location. At Pantheon, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.
#LI-PY1
Tags: Agile Application security Audits CI/CD Cloud Compliance Computer Science DAST Governance Kubernetes OWASP Pentesting Privacy SAST SDLC Security assessment Security strategy Strategy Vulnerabilities
Perks/benefits: Career development Competitive pay Equity / stock options Health care Medical leave Salary bonus Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Information System Security Officer jobs
- Open Security Consultant jobs
- Open Information Systems Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Security Architect jobs
- Open CISA-related jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Vulnerability management-related jobs
- Open Security Clearance-related jobs
- Open Kubernetes-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open SQL-related jobs
- Open PowerShell-related jobs