Pantheon PlatformRemote
Staff Security Engineer
Canada
Full Time
1 hour ago
$176,000 - $220,000 CAD
No H1B
Key skills
AWSAzureCloudDockerGoogle Cloud PlatformJenkinsKubernetesPythonSDLCTerraformGoGCPGoogle CloudK8sCircleCIAgileCI/CDMentoringPenetration Testing
About this role
Role Overview
- Implement “Security by Design” within agile software development and cloud-native environments.
- Act as a Subject Matter Expert (SME), mentoring, coaching, and supporting all security engineering efforts across the organization.
- Define, organize, and implement application security policy, process, standards, and guidelines.
- Helping engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner.
- Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC).
- Be a driving force in establishing a strong security culture within platform engineering teams.
- Lead Threat Modeling as a core principle for the Secure by Design strategy.
- Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
- Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
- Responsible for the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io.
- Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
- Manage tools for Software Composition Analysis (SCA) to ensure supply chain security. Coordinate internal and external Penetration Testing activities with the Security Operations team.
Requirements
- Minimum of 10+ years of overall experience, with at least 5+ years dedicated to Application Security
- Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
- Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP).
- Ability to build maintainable components in Go or Python.
- Hands-on experience with jenkins/cloud pipelines/ circleci (bonus points for experience with reusable workflows).
- Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s).
- Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
- Bachelor's degree in Computer Science or equivalent practical experience.
Tech Stack
- AWS
- Azure
- Cloud
- Docker
- Google Cloud Platform
- Jenkins
- Kubernetes
- Python
- SDLC
- Terraform
- Go
Benefits
- Industry competitive compensation and equity plan
- Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
- Full medical coverage (Extended health care, dental, vision)
- Top-of-line equipment
- In-office workspace (Vancouver, BC Canada)
- Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
- Events and activities both team-based and company wide that inspire, educate and cultivate