Staff Security Engineer
Vancouver, BC, Canada
Applications have closed
Pantheon
Pantheon is the WebOps platform where teams build, host, and manage their websites. Pantheon delivers all your business needs for digital speed and agility.
About Pantheon
Pantheon is the WebOps platform for websites that deliver extraordinary results. We believe in putting the magic of the internet in everyone’s hands. That’s why we’re so passionate about helping developers, IT and marketing develop, test, and release website changes faster and more reliably so they can build and maintain websites that create value for their organizations. Our cloud native software makes it easy to securely manage a single website or thousands of websites across multiple teams in one platform.
Pantheon’s core company values are Trust, Teamwork, Passion, and Customers First. At Pantheon, we work hard and play harder, valuing individuality, humor, and balance. We're enthusiastic participants in several open-source communities and have real relationships with many of our most active customers. If all of this sounds interesting to you, read on!
The Role
Pantheon’s Application Security team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Application Security team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments.
We are seeking a passionate, driven, and experienced application security engineer to join our growing team. As a Staff Application Security Engineer, you will help our engineering teams design and build applications that are secure and perform well by mitigating security issues. You will mentor, coach and support team members in security engineering across the organization as a subject matter expert. You will fill a key role in helping define, organize and implement application security policy, process, standards and guidelines.
What You Need to Succeed
- Software Composition Analysis (SCA): the composition of software, its dependencies, bills of materials (BOM) and supply chain security.
- Static Application Security Testing (SAST): With SAST, we delve into the application's source code, examining it meticulously for vulnerabilities and weaknesses.
- Dynamic Application Security Testing (DAST): Our DAST capability involves the thorough security assessment of running applications.
- Threat Modeling: Threat modeling is the cornerstone of our proactive security strategy, and a key principle in Secure by Design.
- Secure Code and Architecture Design Review: Our secure code review capability combines manual expertise with automated analysis using various custom and vendor-based tools. Architecture and design reviews involve threat modeling and technology- and risk-based assessment.
You will
- Define process, guidelines and practices to ensure secure software development, collaborating with the team members and cross organizational stakeholders.
- Automate application security testing and controls.
- Conduct platform services testing to identify application security issues, adhering to industry standards like OWASP Web Security Testing Guide.
- Partner with engineering teams and product managers to prioritize and address vulnerabilities in Pantheon's Platform.
- Engage in both internal and external (vendor) penetration testing.
- Develop, deploy, and manage technical application security controls to meet regulatory and compliance requirements.
- Participate in audit processes to ensure regulatory and compliance needs are met.
- Contribute to the governance of platform security and foster innovation within Pantheon’s Platform.
What You Bring To The Table
- Bachelor's degree in Computer Science or a related field, or equivalent experience.
- 10+ years overall experience in Security, Software and Platforms, with 5+ years dedicated to Application Security.
- Experience in Cloud environments.
- Experience in Secure by Design development practices, including providing guidance on Secure Architecture and System Design.
- Familiarity with SDLC and SDL methodologies.
- Ability to build or select application security tools and implement CI/CD pipelines.
- Strong communication skills for collaborating with engineering teams on complex application security issues.
Bonus
- Experience with security infrastructure, Kubernetes security, and penetration testing.
What We Offer
We have all the usual perks and benefits, but what we can really offer you is a fantastic work environment powered by an amazing team.
- Industry competitive compensation and equity plan
- Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
- Full medical coverage (Extended health care, dental, vision)
- Top-of-the-line equipment
- Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
- Events and activities both team-based and company wide that inspire, educate and cultivate
Pantheon is an equal opportunity action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact talent@pantheon.io. Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.
Visa Sponsorship is not available at this time.