[Hiring] Staff Security Engineer @Pantheon Systems

Role Description

Pantheon’s Security Engineering team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Security Engineering team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments.

We are seeking a passionate, driven, and experienced application security engineer to join our growing team. The Staff Security Engineer is a key strategic and technical role within the Application Security team.

Our mission is to safeguard, audit, and test the security of the entire cloud hosting platform in these core areas:

• Security by Design: Implement “Security by Design” within agile software development and cloud-native environments.
• Support and Mentorship: Act as a Subject Matter Experts (SMEs), mentoring, coaching, and supporting all security engineering efforts across the organization.
• Standard Setting: Define, organize, and implement application security policy, process, standards, and guidelines.
• Application Security Performance: Helping engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner.

What You Will Do:

• Policy Definition: Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC).
• Security Culture: Be a driving force in establishing a strong security culture within platform engineering teams.
• Proactive Security: Lead Threat Modeling as a core principle for the Secure by Design strategy.
• Secure Design Reviews: Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
• Automation: Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
• Tooling: Responsible for the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io.
• Vulnerability Management: Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
• Supply Chain & Testing: Manage tools for Software Composition Analysis (SCA) to ensure supply chain security. Coordinate internal and external Penetration Testing activities with the Security Operations team.

Qualifications

• Problem-Solving: Ability to bring standardization to inconsistent internal practices and transition to industry best practices.
• Communication: Strong communication skills essential for partnering with engineering teams.
• Commitment: Demonstrated commitment to teamwork, professionalism, and authenticity, fostering trust and accountability.
• Grit: Understanding that establishing security best practices is a marathon requiring persistence across many stakeholders.

Requirements

• Overall Experience: Minimum of 10+ years of overall experience, with at least 5+ years dedicated to Application Security.
• Development Practices: Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
• Cloud Proficiency: Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP).
• Coding Proficiency: Ability to build maintainable components in Go or Python.
• CI/CD Fundamentals: Hands-on experience with Jenkins/cloud pipelines/CircleCI (bonus points for experience with reusable workflows).
• Cloud & Infrastructure: Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s).
• Tooling: Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
• Education: Bachelor's degree in Computer Science or equivalent practical experience.

Benefits

• Industry competitive compensation and equity plan
• Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
• Full medical coverage (Extended health care, dental, vision)
• Top-of-line equipment
• In-office workspace (Vancouver, BC Canada)
• Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
• Events and activities both team-based and company wide that inspire, educate and cultivate