Who you are

• We are seeking a passionate, driven, and experienced application security engineer to join our growing team
• Problem-Solving: Ability to bring standardization to inconsistent internal practices and transition to industry best practices
• Communication: Strong communication skills essential for partnering with engineering teams
• Commitment: Demonstrated commitment to teamwork, professionalism, and authenticity, fostering trust and accountability
• Grit: Understanding that establishing security best practices is a marathon requiring persistence across many stakeholders
• Overall Experience: Minimum of 6+ years of overall experience, with at least 2+ years dedicated to Application Security
• Development Practices: Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design
• Cloud Proficiency: Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP)
• Coding Proficiency: Ability to build maintainable components in Go or Python
• CI/CD Fundamentals: Hands-on experience with jenkins/cloud pipelines/ circleci (bonus points for experience with reusable workflows)
• Cloud & Infrastructure: Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s)
• Tooling: Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines
• Education: Bachelor's degree in Computer Science or equivalent practical experience

What the job involves

• Pantheon’s Security Engineering team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Security Engineering team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments
• The Security Engineer is a key strategic and technical role within the Application Security team
• Our mission is to safeguard, audit, and test the security of the entire cloud hosting platform in these core areas:
• Security by Design: Implement “Security by Design” within agile software development and cloud-native environments
• Support and Mentorship: Act as a Subject Matter Experts (SMEs), mentoring, coaching, and supporting all security engineering efforts across the organization
• Standard Setting: Define, organize, and implement application security policy, process, standards, and guidelines
• Application Security Performance: Helping engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner
• Policy Definition: Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC)
• Security Culture: Be a driving force in establishing a strong security culture within platform engineering teams
• Proactive Security: Lead Threat Modeling as a core principle for the Secure by Design strategy
• Secure Design Reviews: Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments
• Automation: Automate application security testing and controls, integrating them directly into the CI/CD pipelines
• Tooling: Responsible for the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io
• Vulnerability Management: Partner with engineering to effectively prioritize and remediate identified vulnerabilities
• Supply Chain & Testing: Manage tools for Software Composition Analysis (SCA) to ensure supply chain security. Coordinate internal and external Penetration Testing activities with the Security Operations team

Benefits

• Health & Wellness: Taking care of you and your family is important to us. Our healthcare benefits program delivers choice and value so you can prioritize your health
• Remote & In-Office: We believe in a flexible employee experience, our San Francisco office is a center for collaboration and connection, but it's not the only place this happens
• Flexible Time-Off: We encourage work/life balance. Take time off when you need it, and return ready to make magic on the internet when you're ready and refreshed
• Monthly Book & Gym Allowance: One of the many ways we enable our team to take control of their development and wellness is to take advantage of our books and gym membership allowance
• Promoting Inclusivity: We strive to have a culture where Pantheors across the globe feel a high sense of belonging and engagement. We have several programs in place to help cultivate inclusion at Pantheon, including educational events, open forums, and training opportunities
• Giving Back: We believe in cultivating passion and giving back to the community we live and work in. Pantheon offers a Donation Matching program of $500 per employee and holds multiple team volunteer opportunities throughout the year
• Employee Resource Groups: Our Pantheon Resource Groups (PRGs) allow employees to connect, support each other, and spread awareness
• Professional Development: We support employee learning and development through company led-training, leadership forums, and full access to LinkedIn Learning's catalogue of courses