Director, Security Engineering

October 30

Apply Now

Receive Emails with Similar Jobs

Pantheon Platform

WebsiteLinkedInAll Job Openings

Pantheon is the WebOps platform for websites that deliver extraordinary results. We believe in putting the magic of the internet in everyone’s hands. That’s why we’re so passionate about helping developers, IT, and marketing develop, test, and release website changes faster and more reliably so they can build and maintain websites that create value for their organizations. Our cloud native software makes it easy to securely manage a single website or thousands of websites across multiple teams in one platform.

501 - 1000 employees

📋 Description

• Manage a high-performing team of security engineers, fostering a positive and collaborative environment • Responsible for managing the security engineering budget and the selection, deployment, and operation of security tools (like SAST/DAST, IAST, Cloud Security Posture Management - CSPM) • Collaborate with the Governance, Risk, and Compliance (GRC) team to translate regulatory requirements (like PCI-DSS and SOC2) into actionable engineering requirements and control implementation. • Develop and implement the company's security vision and roadmap, including a strong emphasis on "Shift Left" principles. • Perform security reviews to identify security issues and risks, and develop mitigation plans • Advise and consult with internal customers on risk assessment, threat modeling, code review, and vulnerability remediation • Drive the adoption of secure coding practices across the engineering organization through training, workshops, and mentorship. • In conjunction with Security Operations, investigate, respond, and communicate security incidents promptly and effectively, minimizing potential harm and ensuring swift resolution. • Partner with other engineering teams to integrate security considerations into their product roadmaps, design decisions, and development processes. • Identify and recruit talented security champions across various teams to serve as ambassadors and advocates for security best practices. • Stay current with the latest security threats, trends, and technologies, and actively explore innovative solutions for mitigating emerging risks. • Develop and deliver security training and outreach to internal development teams • Communicate effectively with stakeholders across all levels of the organization, providing clear and concise updates on security posture and initiatives.

🎯 Requirements

• 10+ years of experience in information security or a related field. • Industry-leading security certification, such as CISSP, CISM, or CSSLP. • Deep experience with major cloud platforms (e.g., AWS, GCP, Azure), including Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation) • Significant experience and detailed technical knowledge in multiple areas: security engineering, web encryption protocols, and application security. • Proven experience translating ISO 27001 or NIST 800-53 controls into practical, engineering-focused security requirements. • Detailed knowledge of application and platform security vulnerabilities and remediation techniques • Proven experience leading and managing a team of security engineers. • Good understanding of "Shift Left" and Security by Design. • Extensive knowledge of web application security, common vulnerabilities, and relevant security tools. • Experience with secure coding practices and software development lifecycle (SDLC) integration. • Excellent communication, collaboration, and problem-solving skills. • Ability to work independently and prioritize effectively in a fast-paced environment. • Strong passion for security and a desire to create a secure and resilient technology ecosystem. • Experience with Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) tools (e.g., Wiz) is a strong plus.

🏖️ Benefits

• Industry competitive compensation and equity plan • Flexible time off, sick days, and 13 paid holidays • Comprehensive medical insurance including Health, Dental, and Vision • Paid parental leave (plus fertility, adoption, and other family planning benefits) • In-office workspace (San Francisco) • Monthly allowance for wellness, reading, and access to LinkedIn Learning for continued development • Events and activities both team-based and company-wide that inspire, educate, and cultivate