[Hiring] Staff Security Engineer @Pantheon Systems, Inc

Role Description

Pantheon’s Security Engineering team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Security Engineering team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments, with deep expertise in securing Google Cloud Platform (GCP) workloads at scale.

We are seeking a passionate, driven, and experienced application security engineer to join our growing team. The Staff Security Engineer is a key strategic and technical role within the Application Security team. This is an engineering-first role: we measure impact by what you build and what teams adopt, not by tickets closed or alerts triaged.

Our mission is to safeguard, audit, and test the security of the entire cloud hosting platform in these core areas:

• Security by Design: Implement “Security by Design” within agile software development and cloud-native environments, with a primary focus on GCP-native security architecture, IAM design, and workload protection.
• Support and Mentorship: Act as a Subject Matter Expert (SME), mentoring, coaching, and supporting all security engineering efforts across the organization.
• Standard Setting: Define, organize, and implement application security policy, process, standards, and guidelines.
• Application Security Performance: Helping engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner.

Qualifications

• Minimum of 10+ years of overall experience, with at least 5+ years dedicated to Application Security.
• Proven, hands-on experience designing and operating security controls in Google Cloud Platform at scale including IAM and Workload Identity Federation, VPC Service Controls, CMEK and Secret Manager, Binary Authorization, GKE hardening, and Security Command Center.
• Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
• A builder first demonstrated experience designing and shipping reusable security primitives (Terraform modules, policy libraries, pipeline integrations) that engineering teams adopt.
• Hands-on experience writing production-grade, secure-by-default Terraform for GCP deployments including org policies, IAM bindings, VPC configurations, and GKE cluster hardening.
• Ability to build maintainable components in Go or Python.
• Hands-on experience with Jenkins, Cloud Build, or CircleCI (bonus points for experience with reusable workflows).
• Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
• Google Professional Cloud Security Engineer certification strongly preferred. CISSP, CCSP, or CKS (Certified Kubernetes Security Specialist) are a plus.
• Bachelor's degree in Computer Science or equivalent practical experience.

Requirements

• Comfort operating as an engineer first, measuring impact by what you ship and what teams adopt.
• Ability to bring standardization to inconsistent internal practices and transition to industry best practices.
• Strong communication skills essential for partnering with engineering teams.
• Demonstrated commitment to teamwork, professionalism, and authenticity, fostering trust and accountability.
• Understanding that establishing security best practices is a marathon requiring persistence across many stakeholders.

Benefits

• Industry competitive compensation and equity plan.
• Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays.
• Full medical coverage (Extended health care, dental, vision).
• Top-of-line equipment.
• In-office workspace (Vancouver, BC Canada).
• Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development.
• Events and activities both team-based and company-wide that inspire, educate and cultivate.