The Role

Pana is looking for a seasoned DevSecOps Engineer or DevOps Engineer with a strong security focus and extensive experience.  You will help with DevOps security initiatives and implement best practices in the areas of infrastructure, network security, and secure coding, as well as compliance and policy.

You will suggest best practices, make decisions, create and enforce policy and manage third-party vendors in regards to security and compliance. You will stand up new technologies, services, tooling, and systems which make our engineering team more efficient and protect our customers’ data.

You'll also act as a Subject Matter Expert, advising other teams on security topics and evangelize security best practices, maintain industry-accepted compliance certifications, and help respond to security events.

You have strong experience with network and application-level security in a production environment and exposure to at least one compliance framework, plus 10+ years of cloud architecture experience.

In return, we provide full benefits, unlimited vacation time, a competitive salary, stock options, and a chance to change the face of travel.

Responsibilities

• Design, develop, and manage software development processes (code reviews, defensive programming, etc.) and tooling/automation (CI/CD, monitoring, alerting, logging, etc.) to ensure security, availability, and quality is considered throughout the agile software development process.
• Design, deploy, and maintain application, network, and infrastructure level security controls that protect the confidentiality, privacy, and security of our customers’ data, including firewalls, WAF, and IDS/IPS.
• Keep Pana up-to-date with and certified by industry-standard compliance frameworks such as SOC2, GDPR, and PCI-DSS.
• Ensure that Pana runs and passes independent third-party vendors security assessments such as penetration tests, social engineering tests, and vulnerability scans.
• Ensure that Pana’s employee processes and controls adequately protect the security, confidentiality, and privacy of our customers.
• Maintain and update clear documentation on Pana’s InfoSec policies, processes, and controls, and ensure employees are properly trained on InfoSec topics.
• Clearly communicate the details of our InfoSec program to sales prospects and customers.
• Plan for and manage incident response plans while minimizing effect on the business.
• Effectively respond to, support, troubleshoot, and monitor security incidents in production systems.
• Help scale our infrastructure to keep up with Pana’s incredible growth.

The Typical Day

• Consulting with engineers on security best practices for an upcoming story
• Deploy a change to our CI/CD pipeline to leverage new linter
• Attending an InfoSec conference to keep up with industry best practices
• Run a security best-practices session with new employees
• Responding to an InfoSec questionnaire from a prospective customer

 Requirements

• 10+ years of relevant experience in the InfoSec and DevOps space, preferably with both large and small, high-growth companies. 
• SaaS and/or PaaS industry experience preferred.
• Expert experience with cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers and their applicability to securing a SaaS enterprise security environment.
• Experience in the evaluation and implementation of industry-standard InfoSec technologies and concepts, including but not limited to: SEIM, Application Security, Cloud Security, Data Loss Prevention, Security Event Management, Threat and Vulnerability Management and Identity and Access Management.
• Familiarity with industry security standards and compliances, such as OWASP, FedRAMP, AICPA SOC, ISO 27001 as well as current data privacy regulations, including GDPR and regional standards.
• Collaborative attitude and ability to work cross-functionally to educate, build relationships, and foster adoption of sound security practices.

Note: An offer of employment at Pana is contingent upon passing a background check. This does not include a credit check. All background investigations will be conducted in accordance with the Fair Credit in Reporting Act and other applicable state/local regulations.