Director of Information Security

Panthalassa is moving from prototype systems toward repeatable production, larger facilities, more connected enterprise systems, and increasingly mission-critical software, infrastructure, and operational data flows. We’re hiring a Director of Information Security to scale and mature the security foundations that will allow the company to scale quickly without losing control. This is a hands-on, high-leverage builder role. You will own the technical direction of Panthalassa’s information security program across corporate infrastructure, cloud environments, engineering systems, identity and access management, enterprise applications, and security operations. Your job is not to create bureaucracy. Your job is to build practical guardrails, resilient architectures, and clear operating mechanisms that make the company more secure while helping engineering, manufacturing, and business teams move faster. You’ll partner closely with IT, software, test, enterprise systems, manufacturing, and leadership to identify the highest-risk gaps, prioritize what matters, and implement controls that are robust, scalable, and usable in the real world. This role is both an individual contributor and a strategic leadership role, where you will shape the broader security organization, vendor strategy, and long-term roadmap. • Own the technical roadmap for information security across Panthalassa’s corporate, cloud, and enterprise systems environments • Design and implement security architecture for identity, endpoint, network, SaaS, and cloud systems, with a focus on secure-by-default standards • Scale and mature practical security guardrails into engineering and operational workflows, including source control, CI/CD, infrastructure as code, secrets management, logging, and access reviews • Partner with IT and infrastructure teams to harden corporate networks, cloud environments, endpoints, and collaboration systems • Define and implement identity and access management patterns, including SSO, MFA, role-based access controls, privileged access workflows, and lifecycle management • Lead vulnerability management across internal systems and applications, including scanner tuning, prioritization, remediation guidance, and verification of fixes • Establish detection and response capabilities appropriate for the company’s scale, including telemetry strategy, alerting, incident playbooks, and forensic readiness • Secure enterprise systems and the digital thread that support engineering release, manufacturing, supply chain, and operations • Perform security architecture reviews for new tools, vendors, infrastructure changes, and internal systems • Build lightweight, durable security policies and standards that are aligned with how the company actually works • Partner with legal, finance, IT, and business operations on audit readiness, third-party risk, and customer or partner security requirements • Drive remediation of high-priority risks through direct implementation, automation, and close partnership with system owners • Create clear documentation, runbooks, and training that raise the security baseline across the company • Serve as a senior technical advisor during security incidents and significant operational events

• 8+ years of experience in security engineering, infrastructure security, platform security, or a closely related domain • Strong hands-on experience securing cloud and enterprise environments, including identity, networking, endpoints, SaaS, and logging/monitoring systems • Experience building and operating security controls in modern engineering environments, including CI/CD pipelines, source control platforms, infrastructure as code, and developer tooling • Deep knowledge of identity and access management, including SSO, MFA, RBAC, provisioning/deprovisioning, and privileged access design • Proven experience leading vulnerability management and remediation programs in a fast-moving engineering environment • Experience designing security architectures and making high-quality tradeoff decisions in complex, ambiguous settings • Ability to move fluidly between strategic planning and hands-on execution • Clear written and verbal communication skills, with the ability to work effectively across technical and non-technical teams • Good judgment, high ownership, and a practical mindset about applying security where it matters most • Experience as a founding or early security hire at a scaling startup • Experience securing environments that support hardware engineering, manufacturing, lab operations, or industrial/OT-adjacent systems • Familiarity with security requirements relevant to enterprise infrastructure, including SOC 2 and ISO 27001 control environments • Experience with zero trust architecture, device trust, and modern endpoint management • Experience with cloud security tooling, SIEM/log pipelines, EDR, MDM, and infrastructure policy enforcement • Familiarity with secure software supply chain controls, including artifact integrity, dependency management, and secrets detection • Experience evaluating and securing enterprise systems such as PLM, ERP, MRP, MES, QMS, and related integrations • Experience with incident response, threat modeling, tabletop exercises, and security reviews for critical vendors • Experience working in highly regulated, high-consequence, or mission-critical industries such as aerospace, defense, energy, robotics, or advanced manufacturing The above qualifications are desired, not required. We encourage you to apply if you are a strong candidate with only some of the desired skills and experience listed. • This role requires regular on-site presence in Portland, Oregon • You should be comfortable working across office, lab, and industrial environments and partnering directly with teams doing hands-on technical work • Occasional travel to vendors, partner sites, test sites, or future facilities may be required • Intermittently able to work longer hours when supporting critical incidents, infrastructure changes, or time-sensitive operational needs

If hired for this full-time role, you will receive: • Cash compensation of $200,000 - $275,000 • Equity in the company. We’re all owners and if we’re successful, this equity should be far and away the most valuable component of your compensation. • A benefits package that helps you take care of yourself and your family, including: Flexible paid time off Health insurance (the company pays 100% of gold level PPO plan for full time employees, their partners, and dependents) Dental insurance (the company pays 100% for full time employees and 100% for their partners and dependents) Vision insurance (the company pays 100% for full time employees, their partners, and dependents) Disability insurance (the company pays 100% for a policy to provide long term financial support if you become disabled) Ability to contribute to tax-advantaged accounts, including 401(k), health FSA, and dependent care FSA • Relocation assistance to facilitate your move to Portland (if needed).