Staff Application Security Engineer (Remote)
About Dutchie
Founded in 2017, Dutchie is a comprehensive technology platform powering dispensary operations, while providing consumers with safe and easy access to cannabis. Dutchie aims to further support the positive societal change the cannabis industry brings to the world through wellness benefits, social justice, and empowering local communities through tax revenue. Powering thousands of dispensaries across 40+ markets throughout the United States and Canada, Dutchie is the leading technology company in the cannabis space and was named in Fast Company’s 10 Most Innovative Companies in North America and listed two years in a row on LinkedIn’s Top 50 Startups.
Dutchie has raised over $600M in funding to date, backed by D1 Capital Partners, Tiger Global, Dragoneer, DFJ Growth, Thrive Capital, Howard Schultz, Snoop Dogg’s Casa Verde Capital, Gron Ventures, members of the founding team at DoorDash, Kevin Durant’s Thirty Five Ventures, and other notable angel investors.
What You’ll Do…
- Act as a subject matter expert on information security for your respective business units. Identify, measure, and report on security and privacy risks
- Help product managers prioritize roadmap items in order to balance security and business risks
- Identify cross-dependent security concerns and work with security engineering teams to develop common solutions and infrastructure
- Perform security reviews and threat modeling sessions for new product features and document legacy systems
- Ensure that product development teams are adding defense in depth controls as early as feasible in the software development lifecycle
- Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
- Strong business sense, with entrepreneurial or startup experience preferred
- 5 (or more) years of demonstrated experience in application development, strategy, and market research
- Previous professional information security experience, with penetration testing or "breaker" experience preferred
- Exceptional and demonstrable interpersonal and communication skills
- Natural leadership instincts with proven ability to innovate
- Ability to work well with designers and engineers
- An analytical and metrics driven work style
- Prior experience at a startup or consumer internet company
- Ability to script tasks for gathering and sharing metrics
It's a Bonus If You...
- Security certifications or portfolio of security training.
- Hands-on understanding of OWASP Top 10
- Familiarity with Zero Trust Network Access technologies and paradigms
- Ruby (Rails), Nodejs, Terraform, and/or Python
- Experience with vulnerability validation in the context of a product development team and ensuring teams are able to understand vulnerabilities beyond their clinical definitions
- Kubernetes security architecture experience
#LI-JF1
You’ll Get…
- Competitive Salary
- Equity
- 401(k)
- Full Benefits - Medical, Dental, and Vision Insurance
- Flexible vacation and sick days
- Technology (hardware, software, reading materials, etc..) allowance
At Dutchie, we’re committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Dutchie believes that diversity and inclusion among our teammates is critical to our success, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.