DevSecOps Engineer (Remote)
The DevSecOps Engineer is a hands-on technical position responsible for designing, building, and operating a diverse set of cloud security controls and process automations. In addition to internal security tasks, this role will work directly with the DevOps and SRE teams to improve security posture and tooling on the CI/CD pipeline, as well as cloud environments. While this role is in the Information Security organization, prior security experience is not required, however an interest or some experience in security concepts is a plus.
The impact you'll make:
- Design and build greenfield automations and solutions for the security team.
- Assess infrastructure and application vulnerabilities, and take remediation actions as appropriate.
- Ensure policies and standards are being properly applied throughout the entire organization.
- Build pipelines supporting Continuous Delivery, SDLC Security tools.
- Experience with SOAR platforms a plus
- Collaborate with information security, SRE and engineering teams to identify Platform needs and issues with respect to security.
- Container-based delivery (Docker) and serverless workflows (Lambda, Step-Functions).
- Operate and manage AWS IAM permissions based on defined roles and responsibilities.
- Ensure tight security for an e-commerce platform including data encryption, security groups, environment scanning, etc.
- AWS resource provisioning and management (based on immutable compute resources)
- Micro-service support (service registry, service-to-service authentication, authorization, and auditing)
- Author Agile stories, estimate story points, assist with sprint planning and retrospectives
- Perform advanced security technical troubleshooting for cloud environments
- Participate in incident response exercises and continue documenting security and incident response procedures.
What you've accomplished:
- 3 years combined experience in Software Engineering, DevOps, and/or Information Security.
- Literacy in Python and/or other programming or scripting languages.
- Knowledge of PCI, HIPPA. GDPR, CCPA, and other security-related standards and requirements is a plus but not required
- Collaboration, drive, and open communication internally and across teams.
- A passion for building innovative greenfield projects, with a focus on security.
- Strong problem-solving skills, and the ability to apply it to foreign systems.
- The ability to take an idea from concept to completion.
- Knowledge and experience with typical DevOps and DevSecOps tooling (CI/CD tools, github, k8s, docker, linux, etc)
- Experience deploying immutable infrastructure (terraform preferred)
- Operationally savvy, experience with monitoring, alerting, and analyzing system metrics to identify problems and understanding system behavior specific to security concerns.
- Production experience with public cloud (AWS preferred).
- Ability to work in a fast-paced, rapidly scaling environment.
- Strong communication and collaboration skills.
- Security certifications such as CISSP, CCSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH) are a plus.
The base range for this position is $120,000.00- $130,000.00
2023 Benefits for Full Time, Regular Employees:
- Medical, Dental & Vision benefits (effective Day 1):
- Employee - employer paid premium 100%
- For plans that offer coverage to your dependents, you pay a small contribution
- Basic Life & AD&D - employer paid 1x salary up to $250,000
- 401(k) Retirement Plan (with employer contribution)
- PTO (3 weeks accrued); 5 sick days
- Supplemental, voluntary benefits
- Family planning/fertility - including up to $10,000 towards cash-pay services
- Student Loan Repayment/529 Education Savings - including a company contribution of up to $1,000/year
- FSA (Medical, Dependent, Transit and Parking)
- Voluntary Life Insurance
- Critical Illness Insurance
- Accident Insurance
- Short- and long-term disability Insurance
- Pet Insurance
- Company-paid identity theft protection
- Legal services platform
- Paid parental leave
- You get an opportunity to shape the future of the cannabis industry
- You get to play a meaningful role that impacts the wellbeing of others
- Casual work environment, no fancy clothes required, but you are free to dress to the nines!
- Generous PTO and company holidays
- Numerous opportunities to learn and grow your professional skills
- Endless opportunities to network and connect with other Weedmappers through speaker series, Employee Resource Groups, happy hours, team celebrations, game nights, and much more!
Weedmaps is an equal opportunity employer and makes employment decisions on the basis of merit. The Company prohibits unlawful discrimination against employees or applicants based on race (including traits historically associated with race, such as hair texture and protective hairstyles), religion and religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, military status, veteran status, uniformed service member status, sexual orientation, transgender identity, citizenship status, pregnancy, or any other consideration made unlawful by federal, state, or local laws. The Company also prohibits unlawful discrimination based on the perception that anyone has any of those characteristics, or is associated with a person who has or is perceived as having any of those characteristics. Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.
Applicants are entitled to reasonable accommodations under the terms of the Americans with Disabilities Act and applicable state/local laws, unless the accommodation presents undue hardship. Please email us at peopleoperations at weedmaps.com if you would like to confidentially discuss a potential accommodation during the interview process.
WM Technology, Inc.’s (Nasdaq: MAPS) mission is to power a transparent and inclusive global cannabis economy. Now in its second decade, WM Technology has been a driving force behind much of the legislative change we’ve seen in the past 10 years.
Founded in 2008, WM Technology, is a leading technology and software infrastructure provider to the cannabis industry, comprising a B2C platform, Weedmaps, and B2B software, WM Business. The cloud-based SaaS solutions from WM Business provide an end-to-end operating system for cannabis retailers. WM Business’ tools support compliance with the complex, disparate, and constantly evolving regulations applicable to the cannabis industry. Through its website and mobile apps, WM Technology provides consumers with the latest information about cannabis retailers, brands, and products, facilitating product discovery and driving engagement with our retail and brand customers.
WM Technology holds a strong belief in the power of cannabis and the importance of enabling safe, legal access to consumers worldwide. Since inception, WM Technology has worked tirelessly, not only to become the most comprehensive platform for consumers, but to build the software solutions that power businesses compliantly in the space, to advocate for legalization, social equity, and licensing in many jurisdictions, and to facilitate further learning through partnering with subject matter experts on providing detailed, accurate information about the plant.
Headquartered in Irvine, California, WM Technology supports remote work for all eligible employees. Visit us at www.weedmaps.com.
Notice to prospective Weedmaps job applicants:
Our team has been made aware of incidents involving LinkedIn, Telegram, and Facebook accounts impersonating Weedmaps recruiters. These individuals are attempting to use our company name to solicit payment from prospective candidates interested in applying for jobs at our company. Our team is actively working to combat these attempts, but in the meantime, please be mindful of the following:
- Our recruiters will always communicate with candidates through an @weedmaps.com email address.
- CORRECT: email@example.com
- INCORRECT: firstname.lastname@example.org
- Our recruiters will NEVER ask for or attempt to solicit payment from applicants in order to apply, interview, or work for Weedmaps.
- If you are interested in a role at Weedmaps, please apply through our established channels.
- Weedmaps Careers Page or LinkedIn
If you are unsure if a communication is legitimate, please contact our recruitment team at email@example.com and they will happily confirm for you. Thank you for your vigilance and we appreciate your interest in working with us!