Security Engineer
Security Engineer (Remote)
Overview:
The Information Security team at Weedmaps works collaboratively throughout the entire organization to align Information Security to the business and enable continued growth. Weedmaps is seeking a hands-on Security Engineer to mature our security organization by focusing on automation and vulnerability management.
This role directly contributes to the resilience of the entire platform by ensuring the security readiness of our infrastructure, internal systems, and development lifecycle. Success in this position is measured by the engineer’s ability to design and implement security efficiencies that significantly reduce the time-to-remediate vulnerabilities and scale security practices through self-service tooling for engineering teams. The Security Engineer will be the technical interface collaborating with IT, Software Engineering, and other teams to ensure all technology assets are secure, compliant, and resilient against evolving threats.
The impact you'll make:
Design, build, and maintain security tools, scripts, and automations to enhance the effectiveness and efficiency of security workflows.
Partner with Engineering teams to manage and drive remediation of security vulnerabilities identified via internal and external sources.
Evaluate and prioritize security risks based on industry standards (e.g., CVSS, CWE) and business context to ensure timely risk reduction.
Recommend, implement, and optimize technical controls to effectively reduce organizational risk.
Ensure security policies and standards are being properly applied throughout the entire organization.
Manage and optimize a suite of security tools, including SOAR, EDR, DLP, and other solutions.
Author Agile stories, estimate story points, assist with sprint planning, and retrospectives.
Maintain and create secure development best practices for our engineering teams.
Identify risks in software architecture and internal development processes.
Participate in a rotating on-call schedule for incident monitoring and triaging of security-related events.
What you've accomplished:
5+ years of experience in Information Security, DevSecOps, or a combined background in DevOps/Software Engineering, with a focus on vulnerability management and technical security assessments.
Deep technical understanding of modern systems architecture, including Cloud (AWS), containers/orchestration (Kubernetes, Docker), and serverless workflows.
Experience with vulnerability analysis, including understanding CVEs, and identifying/remediating security issues within application code.
Proficiency in a Git-based development environment, including workflows like CI/CD, PRs, and repository management.
Experience integrating security tooling into CI/CD pipelines and using Agile/Lean methodologies with tools like JIRA/Confluence.
Literacy in at least one modern programming or scripting language (e.g., Python, Ruby, Java, JavaScript).
Experience designing, building, or operating SOAR or SIEM platforms, and utilizing system metrics for security monitoring and alerting.
Effective written and verbal communication skills, with a proven ability to collaborate and drive security initiatives across technical and non-technical teams.
Bonus points:
Knowledge of security standards and compliance frameworks (e.g., PCI, SOC2, NIST 800-53).
2+ years working directly on a DevOps or DevSecOps team.
Expertise in Infrastructure-as-Code (IaC), including using Terraform to manage and implement secure cloud architectures (AWS).
Experience building pipelines for Continuous Delivery and integrating SDLC security tooling and flexible automations.
Advanced experience with security operations technologies, including SOAR/SIEM solutions, incident response, and root cause analysis.
Ability to perform security troubleshooting in complex cloud and container environments.
Relevant security certifications (CISSP, CCSP, GCIA, GCIH) are a plus.
Proven ability to drive organizational change regarding security and a passion for innovative security projects.
Comfortable working in a fast-paced, rapidly scaling, and complex product environment.
The base pay range for this position is $149,500 - $169,202 per year
2026 US Benefits for Full Time, Regular Employees:
Physical Health (Medical, Dental & Vision)
100% employer-paid premium for employees
Up to 80% coverage for dependents
Company HSA contribution with the High Deductible Health Plan
401(k) Retirement Plan (employer will match contribution up to 3.5% of employee contribution)
Basic Life, Voluntary Life and AD&D Insurance options
Supplemental, voluntary benefits
Student Loan Repayment/529 Education Savings with a monthly company contribution
FSA (Medical, Dependent, Transit and Parking)
Voluntary Life and AD&D Insurance
Critical Illness Insurance
Accident Insurance
Short- and Long-term Disability Insurance
Pet Insurance
Identity theft protection
Legal access to a network of attorneys
PTO, paid sick leave, and company holidays (including a 2026 holiday shutdown)
Paid parental leave
About the job
Apply for this position
Security Engineer
Security Engineer (Remote)
Overview:
The Information Security team at Weedmaps works collaboratively throughout the entire organization to align Information Security to the business and enable continued growth. Weedmaps is seeking a hands-on Security Engineer to mature our security organization by focusing on automation and vulnerability management.
This role directly contributes to the resilience of the entire platform by ensuring the security readiness of our infrastructure, internal systems, and development lifecycle. Success in this position is measured by the engineer’s ability to design and implement security efficiencies that significantly reduce the time-to-remediate vulnerabilities and scale security practices through self-service tooling for engineering teams. The Security Engineer will be the technical interface collaborating with IT, Software Engineering, and other teams to ensure all technology assets are secure, compliant, and resilient against evolving threats.
The impact you'll make:
Design, build, and maintain security tools, scripts, and automations to enhance the effectiveness and efficiency of security workflows.
Partner with Engineering teams to manage and drive remediation of security vulnerabilities identified via internal and external sources.
Evaluate and prioritize security risks based on industry standards (e.g., CVSS, CWE) and business context to ensure timely risk reduction.
Recommend, implement, and optimize technical controls to effectively reduce organizational risk.
Ensure security policies and standards are being properly applied throughout the entire organization.
Manage and optimize a suite of security tools, including SOAR, EDR, DLP, and other solutions.
Author Agile stories, estimate story points, assist with sprint planning, and retrospectives.
Maintain and create secure development best practices for our engineering teams.
Identify risks in software architecture and internal development processes.
Participate in a rotating on-call schedule for incident monitoring and triaging of security-related events.
What you've accomplished:
5+ years of experience in Information Security, DevSecOps, or a combined background in DevOps/Software Engineering, with a focus on vulnerability management and technical security assessments.
Deep technical understanding of modern systems architecture, including Cloud (AWS), containers/orchestration (Kubernetes, Docker), and serverless workflows.
Experience with vulnerability analysis, including understanding CVEs, and identifying/remediating security issues within application code.
Proficiency in a Git-based development environment, including workflows like CI/CD, PRs, and repository management.
Experience integrating security tooling into CI/CD pipelines and using Agile/Lean methodologies with tools like JIRA/Confluence.
Literacy in at least one modern programming or scripting language (e.g., Python, Ruby, Java, JavaScript).
Experience designing, building, or operating SOAR or SIEM platforms, and utilizing system metrics for security monitoring and alerting.
Effective written and verbal communication skills, with a proven ability to collaborate and drive security initiatives across technical and non-technical teams.
Bonus points:
Knowledge of security standards and compliance frameworks (e.g., PCI, SOC2, NIST 800-53).
2+ years working directly on a DevOps or DevSecOps team.
Expertise in Infrastructure-as-Code (IaC), including using Terraform to manage and implement secure cloud architectures (AWS).
Experience building pipelines for Continuous Delivery and integrating SDLC security tooling and flexible automations.
Advanced experience with security operations technologies, including SOAR/SIEM solutions, incident response, and root cause analysis.
Ability to perform security troubleshooting in complex cloud and container environments.
Relevant security certifications (CISSP, CCSP, GCIA, GCIH) are a plus.
Proven ability to drive organizational change regarding security and a passion for innovative security projects.
Comfortable working in a fast-paced, rapidly scaling, and complex product environment.
The base pay range for this position is $149,500 - $169,202 per year
2026 US Benefits for Full Time, Regular Employees:
Physical Health (Medical, Dental & Vision)
100% employer-paid premium for employees
Up to 80% coverage for dependents
Company HSA contribution with the High Deductible Health Plan
401(k) Retirement Plan (employer will match contribution up to 3.5% of employee contribution)
Basic Life, Voluntary Life and AD&D Insurance options
Supplemental, voluntary benefits
Student Loan Repayment/529 Education Savings with a monthly company contribution
FSA (Medical, Dependent, Transit and Parking)
Voluntary Life and AD&D Insurance
Critical Illness Insurance
Accident Insurance
Short- and Long-term Disability Insurance
Pet Insurance
Identity theft protection
Legal access to a network of attorneys
PTO, paid sick leave, and company holidays (including a 2026 holiday shutdown)
Paid parental leave