Director of Information Security

We are a renewable energy and ocean technology company committed to rapidly developing and deploying technologies that will ensure a sustainable future for Earth by unlocking the vast energy potential of its oceans. Our focus is on capturing civilizational levels of ultra-low-cost renewable energy for applications including computing and affordable renewable fuels delivered to shore.

The company is a public benefit corporation headquartered in Portland, Oregon, and backed by leading venture capitalists, philanthropic investors, university endowments, and private investment offices. We operate as an idea meritocracy in which the best ideas change the company’s direction on a regular basis.

Panthalassa is moving from prototype systems toward repeatable production, larger facilities, more connected enterprise systems, and increasingly mission-critical software, infrastructure, and operational data flows. We’re hiring a Director of Information Security to design and build the security foundations that will allow the company to scale quickly without losing control.

This is a hands-on, high-leverage builder role. You will own the technical direction of Panthalassa’s information security program across corporate infrastructure, cloud environments, engineering systems, identity and access management, enterprise applications, and security operations. Your job is not to create bureaucracy. Your job is to build practical guardrails, resilient architectures, and clear operating mechanisms that make the company more secure while helping engineering, manufacturing, and business teams move faster.

You’ll partner closely with IT, software, test, enterprise systems, manufacturing, and leadership to identify the highest-risk gaps, prioritize what matters, and implement controls that are robust, scalable, and usable in the real world. This role is both an individual contributor and a strategic leadership role, where you will shape the broader security organization, vendor strategy, and long-term roadmap.

• →Own the technical roadmap for information security across Panthalassa’s corporate, cloud, and enterprise systems environments
• →Design and implement security architecture for identity, endpoint, network, SaaS, and cloud systems, with a focus on secure-by-default standards
• →Build practical security guardrails into engineering and operational workflows, including source control, CI/CD, infrastructure as code, secrets management, logging, and access reviews
• →Partner with IT and infrastructure teams to harden corporate networks, cloud environments, endpoints, and collaboration systems
• →Define and implement identity and access management patterns, including SSO, MFA, role-based access controls, privileged access workflows, and lifecycle management
• →Lead vulnerability management across internal systems and applications, including scanner tuning, prioritization, remediation guidance, and verification of fixes
• →Establish detection and response capabilities appropriate for the company’s scale, including telemetry strategy, alerting, incident playbooks, and forensic readiness
• →Secure enterprise systems and the digital thread that support engineering release, manufacturing, supply chain, and operations
• →Perform security architecture reviews for new tools, vendors, infrastructure changes, and internal systems
• →Build lightweight, durable security policies and standards that are aligned with how the company actually works
• →Partner with legal, finance, IT, and business operations on audit readiness, third-party risk, and customer or partner security requirements
• →Drive remediation of high-priority risks through direct implementation, automation, and close partnership with system owners
• →Create clear documentation, runbooks, and training that raise the security baseline across the company
• →Serve as a senior technical advisor during security incidents and significant operational events

• 8+ years of experience in security engineering, infrastructure security, platform security, or a closely related domain
• Strong hands-on experience securing cloud and enterprise environments, including identity, networking, endpoints, SaaS, and logging/monitoring systems
• Experience building and operating security controls in modern engineering environments, including CI/CD pipelines, source control platforms, infrastructure as code, and developer tooling
• Deep knowledge of identity and access management, including SSO, MFA, RBAC, provisioning/deprovisioning, and privileged access design
• Proven experience leading vulnerability management and remediation programs in a fast-moving engineering environment
• Experience designing security architectures and making high-quality tradeoff decisions in complex, ambiguous settings
• Ability to move fluidly between strategic planning and hands-on execution
• Clear written and verbal communication skills, with the ability to work effectively across technical and non-technical teams
• Good judgment, high ownership, and a practical mindset about applying security where it matters most

• Experience as a founding or early security hire at a scaling startup
• Experience securing environments that support hardware engineering, manufacturing, lab operations, or industrial/OT-adjacent systems
• Familiarity with security requirements relevant to enterprise infrastructure, including SOC 2 and ISO 27001 control environments
• Experience with zero trust architecture, device trust, and modern endpoint management
• Experience with cloud security tooling, SIEM/log pipelines, EDR, MDM, and infrastructure policy enforcement
• Familiarity with secure software supply chain controls, including artifact integrity, dependency management, and secrets detection
• Experience evaluating and securing enterprise systems such as PLM, ERP, MRP, MES, QMS, and related integrations
• Experience with incident response, threat modeling, tabletop exercises, and security reviews for critical vendors
• Experience working in highly regulated, high-consequence, or mission-critical industries such as aerospace, defense, energy, robotics, or advanced manufacturing

The above qualifications are desired, not required. We encourage you to apply if you are a strong candidate with only some of the desired skills and experience listed.

• This role requires regular on-site presence in Portland, Oregon
• You should be comfortable working across office, lab, and industrial environments and partnering directly with teams doing hands-on technical work
• Occasional travel to vendors, partner sites, test sites, or future facilities may be required
• Intermittently able to work longer hours when supporting critical incidents, infrastructure changes, or time-sensitive operational needs

This is an on-site position with expectation of regular presence in our Portland facilities (4+ days/week). Our offices, lab, and shop are located in Portland, Oregon. This position may require occasional domestic and international travel for new office or facility buildouts.