Director of Information Security

About The Position

Requirements

• 8+ years of experience in security engineering, infrastructure security, platform security, or a closely related domain
• Strong hands-on experience securing cloud and enterprise environments, including identity, networking, endpoints, SaaS, and logging/monitoring systems
• Experience building and operating security controls in modern engineering environments, including CI/CD pipelines, source control platforms, infrastructure as code, and developer tooling
• Deep knowledge of identity and access management, including SSO, MFA, RBAC, provisioning/deprovisioning, and privileged access design
• Proven experience leading vulnerability management and remediation programs in a fast-moving engineering environment
• Experience designing security architectures and making high-quality tradeoff decisions in complex, ambiguous settings
• Ability to move fluidly between strategic planning and hands-on execution
• Clear written and verbal communication skills, with the ability to work effectively across technical and non-technical teams
• Good judgment, high ownership, and a practical mindset about applying security where it matters most

Nice To Haves

• Experience as a founding or early security hire at a scaling startup
• Experience securing environments that support hardware engineering, manufacturing, lab operations, or industrial/OT-adjacent systems
• Familiarity with security requirements relevant to enterprise infrastructure, including SOC 2 and ISO 27001 control environments
• Experience with zero trust architecture, device trust, and modern endpoint management
• Experience with cloud security tooling, SIEM/log pipelines, EDR, MDM, and infrastructure policy enforcement
• Familiarity with secure software supply chain controls, including artifact integrity, dependency management, and secrets detection
• Experience evaluating and securing enterprise systems such as PLM, ERP, MRP, MES, QMS, and related integrations
• Experience with incident response, threat modeling, tabletop exercises, and security reviews for critical vendors
• Experience working in highly regulated, high-consequence, or mission-critical industries such as aerospace, defense, energy, robotics, or advanced manufacturing

Responsibilities

• Own the technical roadmap for information security across Panthalassa’s corporate, cloud, and enterprise systems environments
• Design and implement security architecture for identity, endpoint, network, SaaS, and cloud systems, with a focus on secure-by-default standards
• Build practical security guardrails into engineering and operational workflows, including source control, CI/CD, infrastructure as code, secrets management, logging, and access reviews
• Partner with IT and infrastructure teams to harden corporate networks, cloud environments, endpoints, and collaboration systems
• Define and implement identity and access management patterns, including SSO, MFA, role-based access controls, privileged access workflows, and lifecycle management
• Lead vulnerability management across internal systems and applications, including scanner tuning, prioritization, remediation guidance, and verification of fixes
• Establish detection and response capabilities appropriate for the company’s scale, including telemetry strategy, alerting, incident playbooks, and forensic readiness
• Secure enterprise systems and the digital thread that support engineering release, manufacturing, supply chain, and operations
• Perform security architecture reviews for new tools, vendors, infrastructure changes, and internal systems
• Build lightweight, durable security policies and standards that are aligned with how the company actually works
• Partner with legal, finance, IT, and business operations on audit readiness, third-party risk, and customer or partner security requirements
• Drive remediation of high-priority risks through direct implementation, automation, and close partnership with system owners
• Create clear documentation, runbooks, and training that raise the security baseline across the company
• Serve as a senior technical advisor during security incidents and significant operational events

Benefits

• Cash compensation of $200,000 - $275,000
• Equity in the company
• Flexible paid time off
• Health insurance (the company pays 100% of gold level PPO plan for full time employees, their partners, and dependents)
• Dental insurance (the company pays 100% for full time employees and 100% for their partners and dependents)
• Vision insurance (the company pays 100% for full time employees, their partners, and dependents)
• Disability insurance (the company pays 100% for a policy to provide long term financial support if you become disabled)
• Ability to contribute to tax-advantaged accounts, including 401(k), health FSA, and dependent care FSA
• Relocation assistance to facilitate your move to Portland (if needed)