Security Engineer - Remote

Overview

The Information Security team at Weedmaps works collaboratively throughout the entire organization to align Information Security to the business and enable continued growth. Weedmaps is seeking a hands-on Security Engineer to mature our security organization by focusing on automation and vulnerability management.

This role directly contributes to the resilience of the entire platform by ensuring the security readiness of our infrastructure, internal systems, and development lifecycle. Success in this position is measured by the engineer’s ability to design and implement security efficiencies that significantly reduce the time-to-remediate vulnerabilities and scale security practices through self-service tooling for engineering teams. The Security Engineer will be the technical interface collaborating with IT, Software Engineering, and other teams to ensure all technology assets are secure, compliant, and resilient against evolving threats.

In Short

• Design, build, and maintain security tools, scripts, and automations to enhance the effectiveness and efficiency of security workflows.
• Partner with Engineering teams to manage and drive remediation of security vulnerabilities identified via internal and external sources.
• Evaluate and prioritize security risks based on industry standards (e.g., CVSS, CWE) and business context to ensure timely risk reduction.
• Recommend, implement, and optimize technical controls to effectively reduce organizational risk.
• Ensure security policies and standards are being properly applied throughout the entire organization.
• Manage and optimize a suite of security tools, including SOAR, EDR, DLP, and other solutions.
• Author Agile stories, estimate story points, assist with sprint planning, and retrospectives.
• Maintain and create secure development best practices for our engineering teams.
• Identify risks in software architecture and internal development processes.
• Participate in a rotating on-call schedule for incident monitoring and triaging of security-related events.

Requirements

• 5+ years of experience in Information Security, DevSecOps, or a combined background in DevOps/Software Engineering, with a focus on vulnerability management and technical security assessments.
• Deep technical understanding of modern systems architecture, including Cloud (AWS), containers/orchestration (Kubernetes, Docker), and serverless workflows.
• Experience with vulnerability analysis, including understanding CVEs, and identifying/remediating security issues within application code.
• Proficiency in a Git-based development environment, including workflows like CI/CD, PRs, and repository management.
• Experience integrating security tooling into CI/CD pipelines and using Agile/Lean methodologies with tools like JIRA/Confluence.
• Literacy in at least one modern programming or scripting language (e.g., Python, Ruby, Java, JavaScript).
• Experience designing, building, or operating SOAR or SIEM platforms, and utilizing system metrics for security monitoring and alerting.
• Effective written and verbal communication skills, with a proven ability to collaborate and drive security initiatives across technical and non-technical teams.

Benefits

• Physical Health (Medical, Dental & Vision)
• 401(k) Retirement Plan (employer will match contribution up to 3.5% of employee contribution)
• Basic Life, Voluntary Life and AD&D Insurance options
• Supplemental, voluntary benefits
• PTO, paid sick leave, and company holidays (including a 2026 holiday shutdown)
• Paid parental leave