Staff Security Engineer safeguarding and auditing the security of Pantheon’s WebOps Platform. Joining a team focusing on Security by Design in agile and cloud-native environments.
Responsibilities
Implement “Security by Design” within agile software development and cloud-native environments.
Act as a Subject Matter Expert (SME), mentoring, coaching, and supporting all security engineering efforts across the organization.
Define, organize, and implement application security policy, process, standards, and guidelines.
Helping engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner.
Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC).
Be a driving force in establishing a strong security culture within platform engineering teams.
Lead Threat Modeling as a core principle for the Secure by Design strategy.
Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
Responsible for the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io.
Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
Manage tools for Software Composition Analysis (SCA) to ensure supply chain security. Coordinate internal and external Penetration Testing activities with the Security Operations team.
Requirements
Minimum of 10+ years of overall experience, with at least 5+ years dedicated to Application Security
Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP).
Ability to build maintainable components in Go or Python.
Hands-on experience with jenkins/cloud pipelines/ circleci (bonus points for experience with reusable workflows).
Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s).
Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
Bachelor's degree in Computer Science or equivalent practical experience.
Benefits
Industry competitive compensation and equity plan
Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
Full medical coverage (Extended health care, dental, vision)
Top-of-line equipment
In-office workspace (Vancouver, BC Canada)
Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
Events and activities both team-based and company wide that inspire, educate and cultivate
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.