Security Engineer safeguarding Pantheon’s web platform through comprehensive application security practices. Collaborating with teams, focusing on Security by Design in agile development environments.
Responsibilities
Implement “Security by Design” within agile software development and cloud-native environments
Act as a Subject Matter Experts (SMEs), mentoring, coaching, and supporting all security engineering efforts across the organization
Define, organize, and implement application security policy, process, standards, and guidelines
Helping engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner
Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC)
Be a driving force in establishing a strong security culture within platform engineering teams
Lead Threat Modeling as a core principle for the Secure by Design strategy
Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments
Automate application security testing and controls, integrating them directly into the CI/CD pipelines
Responsible for the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM)
Partner with engineering to effectively prioritize and remediate identified vulnerabilities
Manage tools for Software Composition Analysis (SCA) to ensure supply chain security
Requirements
Minimum of 6+ years of overall experience
At least 2+ years dedicated to Application Security
Deep, hands-on experience in Secure by Design development practices
Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP)
Ability to build maintainable components in Go or Python
Hands-on experience with jenkins/cloud pipelines/ circleci
Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s)
Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines
Bachelor's degree in Computer Science or equivalent practical experience
Benefits
Industry competitive compensation and equity plan
Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
Full medical coverage (Extended health care, dental, vision)
Top-of-line equipment
In-office workspace (Vancouver, BC Canada)
Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
Events and activities both team-based and company wide that inspire, educate and cultivate
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.