DevSecOps Engineer


The Information Security team at Weedmaps works collaboratively throughout the entire organization to align Information Security to the business and our products. Weedmaps is looking for a DevSecOps Engineer to join our expanding team. As a DevSecOps Engineer, you would ensure the Security of Weedmaps’s products and services by integrating security services into the CI/CD pipeline

The impact you’ll make:

  • Maintaining and creating secure development best practices and programs for our engineering teams
  • Identify risks in software architecture, and internal development processes
  • Partner with multiple engineering stakeholders to evangelize security, assist in developing security controls into engineering pipelines, and remediate security issues from internal, and third- party assessments
  • Build new tools into our Security program, which includes automation of processes to make security testing more effective and efficient.
  • Integrate SOAR and DevSecOps methodologies into our existing CI/CD
  • Take part in helping develop the maturity of Weedmaps’s security organization
  • Assist the Information Security team in gaining industry-recognized certifications such as ISO 27001, SOC, PCI DSS

What you’ve accomplished:

  • Strong familiarity with containers and container orchestration/scheduling (eg. Docker, ECS, Rancher, Kubernetes)
  • Background in Devops or DevSecOps
  • Experience shifting security left through CICD automation
  • Automation skills using Infrastructure as Code tools like Ansible, Terraform, Chef, Packer, Helm, etc.
  • Experience with CICD pipelines like CodeFresh, CircleCI, Jenkins, etc.
  • Familiarity with Hashicorp Vault, AWS Secrets Manager or other secrets management infrastructure
  • Have shown experience (or learned interest) integrating SOAR methodologies into CI/CD
  • Familiarity with Amazon AWS Security Management tools (i.e. Security Hub, Macie, Guard Duty, Config, Control Tower).
  • Familiarity with API Security, Container Security, AWS Cloud Security
  • Knowledge of PCI-DSS, HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes
  • Experience working with Developers, DevOps, SRE and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
  • Proficiency in Python, Go, Ruby or other programming languages.
  • Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
  • Experience integrating security into CI/CD pipelines
  • Experience with Linux systems command line administration
  • Understanding of Agile software development methods and familiarity with enterprise. productivity tools such as JIRA, and Confluence
  • Experience instituting organizational change with respect to security
  • Effective communicator to multiple audiences both verbally as well as orally

Bonus points: 

  • Experience working in E-commerce or three-sided marketplace
  • Experience and familiarity with NIST, PCI, et. al. frameworks
  • Experience with bug bounty programs
  • Experience with CDNs such as Fastly, Cloudflare, CloudFront, Akamai
  • Familiarity with Weedmaps products and services is a plus

Our 2022 Benefits:

  • 100% Paid employee monthly Medical, Dental and Vision premiums AND 80% paid dependent monthly premiums
    • HMO options through Kaiser and Anthem (California Residents only)
    • HDHP with HSA and PPO options offered through Anthem
  • Company-paid Basic Life/AD&D (Accidental Death and Dismemberment) coverage, up to 1x your salary ($250,000 maximum)
  • 401(k) Retirement Plan: 100% match on the first 1%. 50% match from 2-6% of employee contributions
  • 3 weeks PTO (accrued) and 5 sick days (immediate)
  • Supplemental, voluntary benefits
    • Kindbody (family planning/fertility) including to $10,000 towards cash-pay services
    • Goodly (Student Loan Repayment/529 Education Savings) including a company contribution of up to $1,000/year
    • Flexible Spending Accounts (Medical, Dependent, Transit and Parking)
    • Voluntary Life Insurance
    • Critical Illness
    • Accident Insurance
    • Short- and long-term disability
    • Pet Insurance
    • Company- paid identity theft protection
    • Rocket Lawyer legal services platform
  • Paid parental leave
  • Reimbursements for home office setup and monthly WiFi

Our Culture:

  • Catered lunch and snacks provided while working in the office
    • Snack boxes sent straight to your door during work-from-home
  • Casual work environment, read no fancy clothes required, but you are free to dress to the nines!
  • Monthly virtual happy hours

Weedmaps is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability. We are looking for the smartest and most passionate people who want to join our team and develop the services, systems, and marketplaces that will serve the marijuana industry in the decades to come. Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.

Applicants may be entitled to reasonable accommodations under the terms of the ADA and state/local laws.  Please inform us if you need assistance participating in the interview process.

About Weedmaps:

Founded in 2008, WM Technology is a leading technology and software infrastructure provider to the cannabis industry, comprising a B2C platform, Weedmaps, and B2B software, WM Business. The cloud-based SaaS solutions from WM Business provide an end-to-end operating system for cannabis retailers. WM Business’ tools support compliance with the complex, disparate, and constantly evolving regulations applicable to the cannabis industry. Through its website and mobile apps, WM Technology provides consumers with the latest information about cannabis retailers, brands, and products, facilitating product discovery and driving engagement with our retail and brand customers.

WM Technology holds a strong belief in the power of cannabis and the importance of enabling safe, legal access to consumers worldwide. Since inception, WM Technology has worked tirelessly, not only to become the most comprehensive platform for consumers, but to build the software solutions that power businesses compliantly in the space, to advocate for legalization, social equity, and licensing in many jurisdictions, and to facilitate further learning through partnering with subject matter experts on providing detailed, accurate information about the plant.

Headquartered in Irvine, California, WM Technology supports remote work for all eligible employees. Visit us at www.weedmaps.com.

#LI-REMOTE #WMFromAnywhere