Staff DevSecOps Engineer
About Dutchie
Founded in 2017, Dutchie is a comprehensive technology platform powering dispensary operations, while providing consumers with safe and easy access to cannabis. Dutchie aims to further support the positive societal change the cannabis industry brings to the world through wellness benefits, social justice, and empowering local communities through tax revenue. Powering thousands of dispensaries across 40+ markets throughout the United States and Canada, Dutchie is the leading technology company in the cannabis space and was named in Fast Company’s 10 Most Innovative Companies in North America and listed two years in a row on LinkedIn’s Top 50 Startups.
Dutchie has raised over $600M in funding to date, backed by D1 Capital Partners, Tiger Global, Dragoneer, DFJ Growth, Thrive Capital, Howard Schultz, Snoop Dogg’s Casa Verde Capital, Gron Ventures, members of the founding team at DoorDash, Kevin Durant’s Thirty Five Ventures, and other notable angel investors.
About the Role
As a DevSecOps Engineer on our security engineering team, you will help define and implement a robust application security program at Dutchie. This position will be responsible for ensuring Dutchie’s applications are developed and maintained securely. You will partner closely with various stakeholders across the business to help identify and drive down business risks within our applications and the technologies hosting them.
What You’ll Do…
- Perform security assessments and reviews including: architectural design, threat modeling, source code audits, and security testing -- all providing actionable recommendations to make our products more secure
- Analyze the SDLC pipeline for security issues from development to QA to production to post-production
- Collaborate closely with engineering and security teams on implementation of security best practices in mission critical applications and systems.
- Provide security guidance to application and service owners to remediate known security vulnerabilities.
- Evaluate and integrate security tools and solutions to improve application security posture
- Assist engineering team’s cloud security posture through infrastructure-as-code
- Help product managers prioritize roadmap items in order to balance security and business risks
- Act as a subject matter expert on information security for your respective business units. Identify, measure, and report on security and privacy risks
- Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
- Demonstrated experience in application development and baking security into every stage of the software development lifecycle.
- A proven ability to collaboratively work with engineering teams to implement solutions to novel security problems
- Infrastructure as Code (IaC) and its associated toolsets are familiar to you. You’ve used Terraform and other IaC tools to build, change, and manage infrastructure. You’re comfortable deploying changes to production using IaC.
- Previous professional information security experience, with penetration testing or "breaker" experience preferred
- Exceptional and demonstrable interpersonal and communication skills
- Natural leadership instincts with proven ability to innovate
- Ability to work well with designers and engineers
- Prior experience at a startup or consumer internet company
It's a Bonus If You...
- Hands-on understanding of OWASP testing such as WSTG, ASVS, Top 10 (API and Web)
- Familiarity with Zero Trust Network Access technologies and paradigms
- Ruby (Rails), Nodejs, Terraform, and/or Python experience
- Experience with vulnerability validation in the context of a product development team and ensuring teams are able to understand vulnerabilities beyond their clinical definitions
- Kubernetes security architecture experience
- Create application security and secure coding standards and educate developers
You’ll Get…
- Competitive Salary
- Equity
- 401(k)
- Full Benefits - Medical, Dental, and Vision Insurance
- Flexible vacation and sick days
- Technology (hardware, software, reading materials, etc..) allowance
At Dutchie, we’re committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Dutchie believes that diversity and inclusion among our teammates is critical to our success, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.