Director of Information Security
Gigascale Capital · Portland, OR · 6 days ago
Information Technology$200k–$275k/yrFull-time
Responsibilities
- Own the technical roadmap for information security across Panthalassa’s corporate, cloud, and enterprise systems environments
- Design and implement security architecture for identity, endpoint, network, SaaS, and cloud systems, with a focus on secure-by-default standards
- Scale and mature practical security guardrails into engineering and operational workflows, including source control, CI/CD, infrastructure as code, secrets management, logging, and access reviews
- Partner with IT and infrastructure teams to harden corporate networks, cloud environments, endpoints, and collaboration systems
- Define and implement identity and access management patterns, including SSO, MFA, role-based access controls, privileged access workflows, and lifecycle management
- Lead vulnerability management across internal systems and applications, including scanner tuning, prioritization, remediation guidance, and verification of fixes
- Establish detection and response capabilities appropriate for the company’s scale, including telemetry strategy, alerting, incident playbooks, and forensic readiness
- Secure enterprise systems and the digital thread that support engineering release, manufacturing, supply chain, and operations
- Build lightweight, durable security policies and standards that are aligned with how the company actually works
- Create clear documentation, runbooks, and training that raise the security baseline across the company
- Serve as a senior technical advisor during security incidents and significant operational events
Requirements
- 8+ years of experience in security engineering, infrastructure security, platform security, or a closely related domain
- Strong hands-on experience securing cloud and enterprise environments, including identity, networking, endpoints, SaaS, and logging/monitoring systems
- Experience building and operating security controls in modern engineering environments, including CI/CD pipelines, source control platforms, infrastructure as code, and developer tooling
- Deep knowledge of identity and access management, including SSO, MFA, RBAC, provisioning/deprovisioning, and privileged access design
- Prominent experience leading vulnerability management and remediation programs in a fast-moving engineering environment
- Ability to move fluidly between strategic planning and hands-on execution
Qualifications
- Experience as a founding or early security hire at a scaling startup
- Familiarity with security requirements relevant to enterprise infrastructure, including SOC 2 and ISO 27001 control environments
- Experience with zero trust architecture, device trust, and modern endpoint management
- Familiarity with cloud security tooling, SIEM/log pipelines, EDR, MDM, and infrastructure policy enforcement
- Familiarity with secure software supply chain controls, including artifact integrity, dependency management, and secrets detection
- Experience evaluating and securing enterprise systems such as PLM, ERP, MRP, MES, QMS, and related integrations
- Experience with incident response, threat modeling, tabletop exercises, and security reviews for critical vendors
- Experience working in highly regulated, high-consequence, or mission-critical industries such as aerospace, defense, energy, robotics, or advanced manufacturing