DevSecOps (Security) Engineer

| Greater Denver Area

An Audacious Mission

Today, coordinating business travel is complex because of competing interests, opaque industry practices, convoluted systems, and bad software.

But we believe that travel is a force-multiplier for growth.

Travel connects teams to new and existing co-workers, partners, and customers. It enables new opportunities, produces unexpected collaboration, and shifts perspectives. That’s why we focus daily on making travel more about why you’re going and less about how you’ll get there. 

Our mission is to make in-person collaboration effortless.

The Role
Pana is looking for a seasoned DevSecOps Engineer or DevOps Engineer with a strong security focus and extensive experience.  You will help with DevOps security initiatives and implement best practices in the areas of infrastructure, network security, and secure coding, as well as compliance and policy.
You will suggest best practices, make decisions, create and enforce policy and manage third-party vendors in regards to security and compliance. You will stand up new technologies, services, tooling, and systems which make our engineering team more efficient and protect our customers’ data.
You'll also act as a Subject Matter Expert, advising other teams on security topics and evangelize security best practices, maintain industry-accepted compliance certifications, and help respond to security events.
You have strong experience with network and application-level security in a production environment and exposure to at least one compliance framework, plus 10+ years of cloud architecture experience.
In return, we provide full benefits, unlimited vacation time, a competitive salary, stock options, and a chance to change the face of travel.
  • Design, develop, and manage software development processes (code reviews, defensive programming, etc.) and tooling/automation (CI/CD, monitoring, alerting, logging, etc.) to ensure security, availability, and quality is considered throughout the agile software development process.
  • Design, deploy, and maintain application, network, and infrastructure level security controls that protect the confidentiality, privacy, and security of our customers’ data, including firewalls, WAF, and IDS/IPS.
  • Keep Pana up-to-date with and certified by industry-standard compliance frameworks such as SOC2, GDPR, and PCI-DSS.
  • Ensure that Pana runs and passes independent third-party vendors security assessments such as penetration tests, social engineering tests, and vulnerability scans.
  • Ensure that Pana’s employee processes and controls adequately protect the security, confidentiality, and privacy of our customers.
  • Maintain and update clear documentation on Pana’s InfoSec policies, processes, and controls, and ensure employees are properly trained on InfoSec topics.
  • Clearly communicate the details of our InfoSec program to sales prospects and customers.
  • Plan for and manage incident response plans while minimizing effect on the business.
  • Effectively respond to, support, troubleshoot, and monitor security incidents in production systems.
  • Help scale our infrastructure to keep up with Pana’s incredible growth.
 The Typical Day
  • Consulting with engineers on security best practices for an upcoming story
  • Deploy a change to our CI/CD pipeline to leverage new linter
  • Attending an InfoSec conference to keep up with industry best practices
  • Run a security best-practices session with new employees
  • Responding to an InfoSec questionnaire from a prospective customer
  • 10+ years of relevant experience in the InfoSec and DevOps space, preferably with both large and small, high-growth companies. 
  • SaaS and/or PaaS industry experience preferred.
  • Expert experience with cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers and their applicability to securing a SaaS enterprise security environment.
  • Experience in the evaluation and implementation of industry-standard InfoSec technologies and concepts, including but not limited to: SEIM, Application Security, Cloud Security, Data Loss Prevention, Security Event Management, Threat and Vulnerability Management and Identity and Access Management.
  • Familiarity with industry security standards and compliances, such as OWASP, FedRAMP, AICPA SOC, ISO 27001 as well as current data privacy regulations, including GDPR and regional standards.
  • Collaborative attitude and ability to work cross-functionally to educate, build relationships, and foster adoption of sound security practices.
Read Full Job Description

Technology we use

  • Engineering
    • C++Languages
    • JavascriptLanguages
    • SqlLanguages
    • ReactLibraries
    • ReduxLibraries
    • Backbone.jsFrameworks
    • Node.jsFrameworks
    • MongoDBDatabases
    • PostgreSQLDatabases
    • RedisDatabases


Our office is located in RiNo--Denver's source for galleries, brewpubs, music, and murals. (Huge positive--We have FREE parking!)

An Insider's view of Pana

How do your team's ideas influence the company's direction?

We build idea meritocracies, where solutions come from anyone, no matter their title. We have processes, such as our daily Product Forum, where anyone can bring feedback/ideas (with well-justified arguments). We also hire for intellectual honesty—the ability to debate ideas on the merits of their reasoning, not because you want to be right.



What are Pana Perks + Benefits

Friends outside of work
Eat lunch together
Daily stand up
Open door policy
Team based strategic planning
Open office floor plan
Mean gender pay gap below 10%
Health Insurance & Wellness Benefits
Dental Benefits
Vision Benefits
Health Insurance Benefits
Onsite Gym
Retirement & Stock Options Benefits
Company Equity
Vacation & Time Off Benefits
Unlimited Vacation Policy
Perks & Discounts
Casual Dress
Company Outings
Acme Co. hosts company outings Quarterly.
Some Meals Provided
We offer employees Free on-site garage parking.
Pet Friendly
Acme Co.'s pet policy is dog friendly daily.
Relocation Assistance
Professional Development Benefits
Lunch and learns
Acme Co. hosts lunch and learn meetings once per quarter.
Promote from within
More Jobs at Pana8 open jobs
All Jobs
Dev + Engineer