Director, Security Engineering

About Pantheon Pantheon WebOps Platform powers the open web, running more than 300,000 sites in the cloud for customers including Google, Princeton, Salesloft, and Doctors Without Borders. Every day, thousands of developers and marketers create, iterate, and scale WordPress and Drupal sites to reach billions of people globally. Pantheon’s multitenant, container-based platform enables organizations to manage all of their websites from a single dashboard. Organizations, including Clorox and the United Nations, drive results through accelerated development and real-time publishing using Pantheon’s collaborative workflows. The Role Pantheon is looking for a Director to join our Security team. We’re expanding an impressive and growing platform that powers hundreds of thousands of websites, millions of containerized resources, billions of monthly page views, and development tools that professional website developers use. As the Security Engineering Director, you will play a pivotal role in ensuring the security of the Pantheon Platform, safeguarding the thousands of websites hosted on Pantheon to create a safe and secure digital environment. This position holds paramount importance within the Security Organization, as you will collaborate closely with leaders across our Product and Engineering, Legal, and Governance, Risk, and Compliance teams. By leading initiatives in application and platform security, you will contribute directly to the reliability and resilience of our services, fostering a robust security culture within our engineering teams. This role is not only about fortifying our defenses but also about championing innovation, implementing best practices, and staying ahead of emerging threats to uphold Pantheon's commitment to excellence in digital security. This leader will ensure all application and platform security initiatives support and strengthen our ongoing compliance with standards like PCI-DSS Level 2 and SOC2 (Security, Confidentiality, and Reliability), directly impacting our trustworthiness with customers. Join us in this exciting opportunity to shape the future of secure web hosting and make a lasting impact on the digital experiences of our diverse user base. What you Need to Succeed Manage a high-performing team of security engineers, fostering a positive and collaborative environment Responsible for managing the security engineering budget and the selection, deployment, and operation of security tools (like SAST/DAST, IAST, Cloud Security Posture Management - CSPM) Collaborate with the Governance, Risk, and Compliance (GRC) team to translate regulatory requirements (like PCI-DSS and SOC2) into actionable engineering requirements and control implementation. Develop and implement the company's security vision and roadmap, including a strong emphasis on "Shift Left" principles. Perform security reviews to identify security issues and risks, and develop mitigation plans Advise and consult with internal customers on risk assessment, threat modeling, code review, and vulnerability remediation Drive the adoption of secure coding practices across the engineering organization through training, workshops, and mentorship. In conjunction with Security Operations, investigate, respond, and communicate security incidents promptly and effectively, minimizing potential harm and ensuring swift resolution. Partner with other engineering teams to integrate security considerations into their product roadmaps, design decisions, and development processes. Identify and recruit talented security champions across various teams to serve as ambassadors and advocates for security best practices. Stay current with the latest security threats, trends, and technologies, and actively explore innovative solutions for mitigating emerging risks. Develop and deliver security training and outreach to internal development teams Communicate effectively with stakeholders across all levels of the organization, providing clear and concise updates on security posture and initiatives. What you Bring to the Table 10+ years of experience in information security or a related field. Industry-leading security certification, such as CISSP, CISM, or CSSLP. Deep experience with major cloud platforms (e.g., AWS, GCP, Azure), including Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation) Significant experience and detailed technical knowledge in multiple areas: security engineering, web encryption protocols, and application security. Proven experience translating ISO 27001 or NIST 800-53 controls into practical, engineering-focused security requirements. Detailed knowledge of application and platform security vulnerabilities and remediation techniques Proven experience leading and managing a team of security engineers. Good understanding of "Shift Left" and Security by Design. Extensive knowledge of web application security, common vulnerabilities, and relevant security tools. Experience with secure coding practices and software development lifecycle (SDLC) integration. Excellent communication, collaboration, and problem-solving skills. Ability to work independently and prioritize effectively in a fast-paced environment. Strong passion for security and a desire to create a secure and resilient technology ecosystem. Experience with Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) tools (e.g., Wiz) is a strong plus. What We Offer We have all the usual perks and benefits but what we can really offer you is a fantastic work environment powered by an amazing team. Industry competitive compensation and equity plan Flexible time off, sick days, and 13 paid holidays Comprehensive medical insurance including Health, Dental, and Vision Paid parental leave (plus fertility, adoption, and other family planning benefits) In-office workspace (San Francisco) Monthly allowance for wellness, reading, and access to LinkedIn Learning for continued development Events and activities both team-based and company-wide that inspire, educate, and cultivate Pantheon is an equal-opportunity employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need reasonable accommodation due to a disability for any part of the interview process, please contact Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment. The base salary range for this role is $195,500–$220,000 USD. This position also offers a performance bonus dependent on company performance. Our salary ranges are determined by role, level, and location. After an offer is made and accepted, E-Verify will be used to confirm your identity and employment eligibility, as required by the U.S. Department of Homeland Security. Visa sponsorship is not available at this time. To review the Employee and Applicant's Privacy Policy, click here. #J-18808-Ljbffr