Senior Application Security Engineer

Overview:

The Information Security team at Weedmaps works collaboratively throughout the entire organization to align Information Security to the business and enable continued growth. Weedmaps is looking for an Application Security Engineer to join our expanding team. As an Application Security Engineer, you would ensure the security of Weedmaps's products and services.

The impact you'll make:

  • Perform security assessments and design reviews of Weedmaps’s web applications, mobile clients, internal services and APIs.
  • Maintain and create secure development best practices and programs for our engineering teams.
  • Identify risks in code, applications, software architecture, and internal development processes.
  • Evaluate, analyze, and reproduce security vulnerabilities reported by internal tools, internal engineers, security researchers, partners, and customers. Partner with development teams to ensure they address these vulnerabilities in our products and services.
  • Institute security training and outreach to Weedmaps engineering teams.
  • Provide guidance on relevant application security industry standards and practices such as OWASP, SANS, CWE, CWSS, CVE, CVSS, etc.
  • Partner with multiple engineering stakeholders to evangelize security, assist in developing security controls into engineering pipelines, and remediate security issues from internal and third-party assessments.
  • Build new tools into our Security program, which includes automation of processes to make security testing more effective and efficient.
  • Take part in helping develop the maturity of Weedmaps's security organization.
  • Assist the Information Security team in gaining industry-recognized certifications such as ISO 27001, SOC, PCI DSS.

What you've accomplished:

  • You have 4+ years of experience working on a security team performing technical security assessments on modern web applications, APIs, and mobile applications within cloud hosted environments such as AWS, GCP, Azure.
  • Strong familiarity with containers and container orchestration/scheduling (e.g., Docker, ECS, Rancher, Kubernetes).
  • Experience with manual secure code review in languages such as JavaScript (Node, React), Go, Ruby, Elixir.
  • Experience integrating security into CI/CD pipelines.
  • Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx, Veracode, AppSpider, or Contrast.
  • Understanding of Agile software development methods and familiarity with enterprise productivity tools such as JIRA and Confluence.
  • Experience instituting organizational change with respect to security.
  • Effective communicator to multiple audiences both verbally as well as orally.
  • B.S. in Computer Science, a related field, or equivalent experience.
  • Must have experience in a large web-scale or technology company.

Bonus points: 

  • Experience and familiarity with NIST, PCI, et al. frameworks.
  • Familiarity with Weedmaps products and services is a plus
  • Experience with bug bounty programs
  • Experience with CDNs such as Fastly, Cloudflare, CloudFront, Akamai

Our Benefits:

  • Fully covered Medical, Dental, and Vision for employee AND dependents
  • 401k matching: 50% match up to 6% of employee contribution
  • 3 weeks accrued PTO and 5 immediate sick days
  • Accident Insurance
  • Basic Life/AD&D (Accidental Death and Dismemberment)
  • Voluntary Short and Long Term Disability
  • Flexible Spending Account
  • Catered lunch provided 5 days a week
  • All the equipment that you need to get your work done
  • Fully stocked pantries and refrigerators with healthy drinks and snacks
  • Casual work environment, read “no suit and tie required”, but you are free to dress to the nines

Weedmaps is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability. We are looking for the smartest and most passionate people who want to join our team and develop the services, systems, and marketplaces that will serve the marijuana industry in the decades to come. Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.

About Weedmaps:

Founded in 2008, Weedmaps is a leading technology and software infrastructure provider to the cannabis industry. Our suite of cloud-based software and data solutions includes point of sale, logistics and ordering solutions that enable customers to scale their businesses while complying with the complex and disparate regulations applicable to the cannabis industry. In addition, our platform provides consumers with information regarding cannabis products across web and mobile platforms, including listing local retailers and brands, facilitating product discovery and allowing consumers to educate themselves on cannabis and its history, uses and legal status. Headquartered in Irvine, California, Weedmaps employs more than 400 professionals around the world, with offices including Barcelona, Berlin, Boston, Denver, New York, Phoenix and Toronto.

So what are you waiting for? Join the Weedmaps family!



U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Weedmaps are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 1/31/2020

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

Because we do business with the government, we must reach out to, hire, and provide equal opportunity to qualified people with disabilities[1]. To help us measure how well we are doing, we are asking you to tell us if you have a disability or if you ever had a disability. Completing this form is voluntary, but we hope that you will choose to fill it out. If you are applying for a job, any answer you give will be kept private and will not be used against you in any way.

If you already work for us, your answer will not be used against you in any way. Because a person may become disabled at any time, we are required to ask all of our employees to update their information every five years. You may voluntarily self-identify as having a disability on this form without fear of any punishment because you did not identify as having a disability earlier.

How do I know if I have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Blindness
  • Deafness
  • Cancer
  • Diabetes
  • Epilepsy
  • Autism
  • Cerebral palsy
  • HIV/AIDS
  • Schizophrenia
  • Muscular dystrophy
  • Bipolar disorder
  • Major depression
  • Multiple sclerosis (MS)
  • Missing limbs or partially missing limbs
  • Post-traumatic stress disorder (PTSD)
  • Obsessive compulsive disorder
  • Impairments requiring the use of a wheelchair
  • Intellectual disability (previously called mental retardation)

Reasonable Accommodation Notice

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

[1] Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.