Senior Security Engineer

Pantheon Systems, Inc

21h•Onsite

About The Position

Pantheon's Security Engineering team is responsible for safeguarding, auditing, and testing the security of Pantheon's entire platform. Our Security Engineering team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments. We are seeking a passionate, driven, and experienced application security engineer to join our growing team. The Security Engineer is a key strategic and technical role within the Application Security team. Our mission is to safeguard, audit, and test the security of the entire cloud hosting platform in these core areas: Security by Design: Implement “Security by Design” within agile software development and cloud-native environments. Support and Mentorship: Act as a Subject Matter Experts (SMEs), mentoring, coaching, and supporting all security engineering efforts across the organization. Standard Setting: Define, organize, and implement application security policy, process, standards, and guidelines. Application Security Performance: Helping engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner.

Requirements

Ability to bring standardization to inconsistent internal practices and transition to industry best practices.
Strong communication skills essential for partnering with engineering teams.
Demonstrated commitment to teamwork, professionalism, and authenticity, fostering trust and accountability.
Understanding that establishing security best practices is a marathon requiring persistence across many stakeholders.
Minimum of 6+ years of overall experience, with at least 2+ years dedicated to Application Security.
Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP).
Ability to build maintainable components in Go or Python.
Hands-on experience with jenkins/cloud pipelines/ circleci (bonus points for experience with reusable workflows).
Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s).
Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
Bachelor's degree in Computer Science or equivalent practical experience.

Responsibilities

Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC).
Be a driving force in establishing a strong security culture within platform engineering teams.
Lead Threat Modeling as a core principle for the Secure by Design strategy.
Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
Responsible for the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io.
Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
Manage tools for Software Composition Analysis (SCA) to ensure supply chain security.
Coordinate internal and external Penetration Testing activities with the Security Operations team.

Benefits

Industry competitive compensation and equity plan
Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
Full medical coverage (Extended health care, dental, vision)
Top-of-line equipment
Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
Events and activities both team-based and company wide that inspire, educate and cultivate

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume