DevSecOps (Security) Engineer at Pana
Today, coordinating business travel is complex because of competing interests, opaque industry practices, convoluted systems, and bad software.
But we believe that travel is a force-multiplier for growth.
Travel connects teams to new and existing co-workers, partners, and customers. It enables new opportunities, produces unexpected collaboration, and shifts perspectives. That’s why we focus daily on making travel more about why you’re going and less about how you’ll get there.
Our mission is to make in-person collaboration effortless.
- Design, develop, and manage software development processes (code reviews, defensive programming, etc.) and tooling/automation (CI/CD, monitoring, alerting, logging, etc.) to ensure security, availability, and quality are considered throughout the agile software development process.
- Design, deploy, and maintain application, network, and infrastructure level security controls that protect the confidentiality, privacy, and security of our customers’ data, including firewalls, WAF, and IDS/IPS.
- Keep Pana up-to-date with and certified by industry-standard compliance frameworks such as SOC2, GDPR, and PCI-DSS.
- Ensure that Pana runs and passes independent third-party vendors' security assessments such as penetration tests, social engineering tests, and vulnerability scans.
- Ensure that Pana’s employee processes and controls adequately protect the security, confidentiality, and privacy of our customers.
- Maintain and update clear documentation on Pana’s InfoSec policies, processes, and controls, and ensure employees are properly trained on InfoSec topics.
- Clearly communicate the details of our InfoSec program to sales prospects and customers.
- Plan for and manage incident response plans while minimizing the effect on the business.
- Effectively respond to, support, troubleshoot, and monitor security incidents in production systems.
- Help scale our infrastructure to keep up with Pana’s incredible growth.
- Consulting with engineers on security best practices for an upcoming story
- Deploying a change to our CI/CD pipeline to leverage a new linter
- Attending an InfoSec conference to keep up with industry best practices
- Running a security best-practices session with new employees
- Responding to an InfoSec questionnaire from a prospective customer
- 10+ years of relevant experience in the InfoSec and DevOps space, preferably with both large and small, high-growth companies.
- SaaS and/or PaaS industry experience preferred.
- Expert experience with cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers and their applicability to securing a SaaS enterprise security environment.
- Experience in the evaluation and implementation of industry-standard InfoSec technologies and concepts, including but not limited to: SIEM, Application Security, Cloud Security, Data Loss Prevention, Security Event Management, Threat and Vulnerability Management, and Identity and Access Management.
- Familiarity with industry security standards and compliance frameworks, such as OWASP, FedRAMP, AICPA SOC, and ISO 27001, as well as current data privacy regulations, including GDPR and regional standards.
- Collaborative attitude and ability to work cross-functionally to educate, build relationships, and foster adoption of sound security practices.
Note: An offer of employment at Pana is contingent upon passing a background check. This does not include a credit check. All background investigations will be conducted in accordance with the Fair Credit Reporting Act and other applicable state/local regulations.