Application Security Engineer
Irvine, CA

Job Description

Application Security Engineer

Overview:

The Information Security team at Weedmaps works collaboratively throughout the entire organization to align Information Security to the business and enable continued growth. Weedmaps is looking for an Application Security Engineer to join our expanding team. As an Application Security Engineer, you would ensure the Security of Weedmaps's products and services.

Responsibilities:

* Perform security assessments and design reviews of Weedmaps's web applications, mobile clients, internal services and APIs.
* Maintaining and creating secure development best practices and programs for our engineering teams.
* Identify risks in code, applications, software architecture, and internal development processes.
* Evaluate, analyze, and reproduce security vulnerabilities reported by internal tools, internal engineers, security researchers, partners, and customers. Partner with development teams to ensure they address these vulnerabilities in our products and services.
* Institute Security training and outreach to Weedmaps engineering teams
* Provide guidance on relevant application security industry standards and practices such as OWASP, SANS, CWE, CWSS, CVE, CVSS, etc.
* Partner with multiple engineering stakeholders to evangelize security, assist in developing security controls into engineering pipelines, and remediate security issues from internal, and third- party assessments.
* Build new tools into our Security program, which includes automation of processes to make security testing more effective and efficient.
* Take part in helping develop the maturity of Weedmaps's security organization.
* Assist the Information Security team in gaining industry-recognized certifications such as ISO 27001, SOC, PCI DSS

Requirements:

* You have 4+ years of experience working on a security team performing technical security assessments on modern web applications, APIs, and mobile applications within cloud hosted environments such as AWS, GCP, Azure.
* Strong familiarity with containers and container orchestration/scheduling (eg. Docker, ECS, Rancher, Kubernetes).
* Experience with manual secure code review in languages such as Javascript (Node, React), Go, Ruby, Elixir.
* Experience integrating security into CI/CD pipelines.
* Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx, Veracode, AppSpider, or Contrast.
* Understanding of Agile software development methods and familiarity with enterprise. productivity tools such as JIRA, and Confluence.
* Experience instituting organizational change with respect to security.
* Effective communicator to multiple audiences both verbally as well as orally.
* B.S. in Computer Science, a related field, or equivalent experience.
* Must have experience in a large web-scale or technology company.

Pluses:

* Experience and familiarity with NIST, PCI, et. al. frameworks.
* Familiarity with Weedmaps products and services is a plus
* Experience with bug bounty programs
* Experience with CDNs such as Fastly, Cloudflare, CloudFront, Akamai

Our Benefits:

* Fully covered Medical, Dental, and Vision for employee AND dependents
* 401k matching: 50% match up to 6% of employee contribution
* 3 weeks PTO and 5 sick days
* Accident Insurance
* Basic Life/AD&D (Accidental Death and Dismemberment)
* Voluntary Short and Long Term Disability
* Flexible Spending Account
* Catered lunch provided 5 days a week
* All the equipment that you need to get your work done
* Fully stocked pantries and refrigerators with healthy drinks and snacks
* Casual work environment, read "no suit and tie required", but you are free to dress to the nines

Weedmaps is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability. We are looking for the smartest and most passionate people who want to join our team and develop the services, systems, and marketplaces that will serve the marijuana industry in the decades to come. Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.

About Weedmaps:

Founded in 2008, Weedmaps is a leading technology and software infrastructure provider to the cannabis industry. Our suite of cloud-based software and data solutions includes point of sale, logistics and ordering solutions that enable customers to scale their businesses while complying with the complex and disparate regulations applicable to the cannabis industry. In addition, our platform provides consumers with information regarding cannabis products across web and mobile platforms, including listing local retailers and brands, facilitating product discovery and allowing consumers to educate themselves on cannabis and its history, uses and legal status. Headquartered in Irvine, California, Weedmaps employs more than 400 professionals around the world, with offices including Barcelona, Berlin, Boston, Denver, New York, Phoenix and Toronto.

So what are you waiting for? Join the Weedmaps family!