DevSecOps (Security) Engineer at Pana

| Greater Denver Area
Sorry, this job was removed at 12:57 p.m. (MST) on Wednesday, October 9, 2019
Find out who's hiring in Colorado.
See all Developer + Engineer jobs in Colorado
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
An Audacious Mission

Today, coordinating business travel is complex because of competing interests, opaque industry practices, convoluted systems, and bad software.

But we believe that travel is a force-multiplier for growth.

Travel connects teams to new and existing co-workers, partners, and customers. It enables new opportunities, produces unexpected collaboration, and shifts perspectives. That’s why we focus daily on making travel more about why you’re going and less about how you’ll get there. 

Our mission is to make in-person collaboration effortless.

 
The Role
Pana is looking for a seasoned DevSecOps Engineer or DevOps Engineer with a strong security focus and extensive experience.  You will help with DevOps security initiatives and implement best practices in the areas of infrastructure, network security, and secure coding, as well as compliance and policy.
 
You will suggest best practices, make decisions, create and enforce policy and manage third-party vendors in regards to security and compliance. You will stand up new technologies, services, tooling, and systems which make our engineering team more efficient and protect our customers’ data.
 
You'll also act as a Subject Matter Expert, advising other teams on security topics and evangelize security best practices, maintain industry-accepted compliance certifications, and help respond to security events.
 
You have strong experience with network and application-level security in a production environment and exposure to at least one compliance framework, plus 10+ years of cloud architecture experience.
 
In return, we provide full benefits, unlimited vacation time, a competitive salary, stock options, and a chance to change the face of travel.
 
Responsibilities
  • Design, develop, and manage software development processes (code reviews, defensive programming, etc.) and tooling/automation (CI/CD, monitoring, alerting, logging, etc.) to ensure security, availability, and quality is considered throughout the agile software development process.
  • Design, deploy, and maintain application, network, and infrastructure level security controls that protect the confidentiality, privacy, and security of our customers’ data, including firewalls, WAF, and IDS/IPS.
  • Keep Pana up-to-date with and certified by industry-standard compliance frameworks such as SOC2, GDPR, and PCI-DSS.
  • Ensure that Pana runs and passes independent third-party vendors security assessments such as penetration tests, social engineering tests, and vulnerability scans.
  • Ensure that Pana’s employee processes and controls adequately protect the security, confidentiality, and privacy of our customers.
  • Maintain and update clear documentation on Pana’s InfoSec policies, processes, and controls, and ensure employees are properly trained on InfoSec topics.
  • Clearly communicate the details of our InfoSec program to sales prospects and customers.
  • Plan for and manage incident response plans while minimizing effect on the business.
  • Effectively respond to, support, troubleshoot, and monitor security incidents in production systems.
  • Help scale our infrastructure to keep up with Pana’s incredible growth.

The Typical Day
  • Consulting with engineers on security best practices for an upcoming story
  • Deploy a change to our CI/CD pipeline to leverage new linter
  • Attending an InfoSec conference to keep up with industry best practices
  • Run a security best-practices session with new employees
  • Responding to an InfoSec questionnaire from a prospective customer
 Requirements
  • 10+ years of relevant experience in the InfoSec and DevOps space, preferably with both large and small, high-growth companies. 
  • SaaS and/or PaaS industry experience preferred.
  • Expert experience with cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers and their applicability to securing a SaaS enterprise security environment.
  • Experience in the evaluation and implementation of industry-standard InfoSec technologies and concepts, including but not limited to: SEIM, Application Security, Cloud Security, Data Loss Prevention, Security Event Management, Threat and Vulnerability Management and Identity and Access Management.
  • Familiarity with industry security standards and compliances, such as OWASP, FedRAMP, AICPA SOC, ISO 27001 as well as current data privacy regulations, including GDPR and regional standards.
  • Collaborative attitude and ability to work cross-functionally to educate, build relationships, and foster adoption of sound security practices.

Note: An offer of employment at Pana is contingent upon passing a background check. This does not include a credit check. All background investigations will be conducted in accordance with the Fair Credit in Reporting Act and other applicable state/local regulations.

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • JavascriptLanguages
    • SqlLanguages
    • ReactLibraries
    • ReduxLibraries
    • ExpressFrameworks
    • Node.jsFrameworks
    • MongoDBDatabases
    • PostgreSQLDatabases
    • RedisDatabases

Location

Our office is located in RiNo--Denver's source for galleries, brewpubs, music, and murals. (Huge positive--We have FREE parking!)

An Insider's view of Pana

How would you describe the company’s work-life balance?

Pana really encourages a strong work-life balance. I coach volleyball after work and I don’t feel any kind of pressure to give it up or to work while I’m out of office coaching or traveling with the team. We’re encouraged to spend our personal time on personal endeavors, and that helps me feel really present when I am at work.

Ryan

Sales Development Representative

What's the biggest problem your team is solving?

Right now we’re figuring out how to make trips go smoothly for guest travelers (candidates, medical professionals, etc.) who don’t know what policies they are meant to follow, or have an easy way to pay for/ expense travel costs. Figuring out how to mask the complexity of travel in order to make it super simple is incredibly interesting to tackle.

Kim

Product Manager

How has your career grown since starting at the company?

Pana’s rapid growth has challenged me to learn more and faster than I ever imagined. The projects I’ve helped lead have made me feel like I’m having a real impact on Pana’s future. Everyone at the company shares a common goal and we’re working together to reach it, this has given my work meaning and made me invested in my future with Pana.

Kendall

Implementation Manager

How do your team's ideas influence the company's direction?

We build idea meritocracies, where solutions come from anyone, no matter their title. We have processes, such as our daily Product Forum, where anyone can bring feedback/ideas (with well-justified arguments). We also hire for intellectual honesty—the ability to debate ideas on the merits of their reasoning, not because you want to be right.

Devon

CEO

How does the company support your career growth?

Pana has a really supportive and transparent culture. I’m not only allowed to make mistakes, but when I do, there’s support in place for me to recover and learn from them. We know what the company goals are and this makes it easier to know what to focus on to help achieve them. Plus, there’s always direct feedback about how I can grow with Pana.

Stuart

SE 3 + Team Lead

What are Pana Perks + Benefits

Culture
Friends outside of work
Eat lunch together
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Pair programming
Open office floor plan
Diversity
Mean gender pay gap below 10%
Health Insurance & Wellness Benefits
Dental Benefits
Vision Benefits
Health Insurance Benefits
Onsite Gym
Retirement & Stock Options Benefits
401(K)
Company Equity
Child Care & Parental Leave Benefits
Remote Work Program
At Pana, we understand life happens. This is why we give our team the flexibility to work from home when necessary.
Vacation & Time Off Benefits
Unlimited Vacation Policy
Perks & Discounts
Casual Dress
Company Outings
Pana hosts annual company retreats, and occasional company happy hours.
Stocked Kitchen
Forgot to grab breakfast? In desperate need of a snack? We've got you covered--Pana stocks the essentials, including popular breakfast items and snacks.
Some Meals Provided
We love lunches! Anytime a new team member joins, we provide a week of catered lunches for the entire HQ team!
Parking
We offer free parking!
Pet Friendly
We love dogs!
Relocation Assistance
Professional Development Benefits
Lunch and learns
Pana hosts lunch and learn meetings once per quarter.
Promote from within
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Save jobView Pana's full profileSee more Pana jobs