Security Engineer II


Las Vegas, NV, USA

Full time

Aug 5

This job is no longer accepting applications.

Curaleaf Holdings, Inc. (CSE: CURA) (OTCQX: CURLF) (Curaleaf) is a leading U.S. provider of consumer products in cannabis, with a mission to improve lives by providing clarity around cannabis and confidence around consumption. As a vertically integrated, high-growth cannabis operator known for quality, expertise, and reliability, the company and its brands, including Curaleaf and Select provide industry-leading service, product selection, and accessibility across the medical and adult-use markets. Curaleaf currently operates in 23 states with 106 dispensaries, 22 cultivation sites, and over 30 processing sites, and employs over 4,600 team members across the United States. Home | Curaleaf | Cannabis with Confidence

Our corporate social responsibility is Rooted In Good  Diversity, Equity, Inclusion + Social Equity + Sustainability Social Responsibility | Curaleaf | Cannabis with Confidence We believe in taking corporate and social responsibility very seriously, from our educational outreach to national partnerships, state-wide initiatives and local causes. Giving back to the communities where we operate is important to us, and helps to change old attitudes by showing the positive impact of cannabis in creating jobs, changing lives, and helping local communities.

We educate. We advocate. We give.

The IT Security Engineer II is responsible for developing, testing, implementing, supporting, and maintaining IT compliance controls and application solutions.  Curaleaf maintains a 100% cloud based environment rooted in Microsoft Azure.

Position is Remote with minor travel for occasional training or corporate meetings.

Essential Duties and Responsibilities

Provides guidance on managing and mitigating IT security risk related to Curaleaf cloud network infrastructure and application solutions.

Assists IT with maintaining compliance with various regulatory requirements including, HIPAA, SOX, CCPA and GDPR

Monitors, researches, analyzes, and interprets federal and state regulations to determine applicability and risks to IT operations.

Assists in the design, development, testing, documentation and implementation of Information Security application solutions, security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security management system.

Updates existing information security policies, standards, guidelines, and procedures based on industry best practices and regulatory requirements.

Conducts security reviews to ensure that Curaleaf information resources follow company policies and guidelines, and local, state, and federal regulations.

Investigates and responds to security alerts generated by information security systems.

Performs technical analysis with a variety of Information Security Tools and techniques to identify, analyze, and resolve security threats, vulnerabilities, events, and incidents.

Coordinates with internal and external stakeholders to remediate or mitigate security vulnerabilities, events, and incidents.

Assists with the preparation for periodic audits of internal data security controls to validate effectiveness, identify risks, and promote continuous improvement.

Provides administrative support on Security awareness program and other operational security activities.

Periodically reviews security audit logs.

Conducts relevant research, data analysis, and developing reports.

Participates in team problem solving efforts and offer ideas to solve issues.

Other duties as required and assigned.


Good working knowledge of Information Security principles and practices.

Some working knowledge of HIPAA, SOX, GDPR and CCPA

Solid working knowledge of Microsoft security tools, and other data security standards and protocol or security software

Technical support processes and protocol.

 Must Have Skills

Basic understanding of TCP/IP and networking fundamentals.

Excellent verbal, written, and interpersonal communication skills, including explaining technical concepts in non-technical terms.

Effectively using organizational and planning skills with attention to detail and follow-through.

Tracking, troubleshooting, and resolving user problems.

Efficiently meeting deadlines, schedules, and target dates.

Maintaining confidentiality of work-related information and materials.

Establishing and maintaining effective working relationships.

Nice to Have Skills

Experience in multiple Information Security disciplines/domains.

Hands-on experience with a variety of Cloud based Information Security systems and tools, such as Security Information Event Management, Vulnerability Management, Intrusion Detection/Prevention, Web Content Filtering, Anti-Virus/Malware and Data Loss Prevention

Strong understanding of Cloud threat landscape and mitigation processes.

MITRE ATT&CK, NIST800-53 or 800-210, ISO27001:2018, CIS or comparable framework experience.

Required Work Experience and Education

Minimum of 1 to 3 years working experience in Information Technology or Information Security field.

Will accept technical AAS degree in an information security related discipline in lieu of two years’ experience.

Security Certification highly desirable (Security+, ITIL, GCLD, or any one Microsoft Cloud Security).

Special Requirements

Must be a positive team contributor.

Comfortable working within the cannabis industry.

Subject to background check per state cannabis requirements. 

Curaleaf is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

You must be logged in to to apply to this job.


Your application has been successfully submitted.

Please fix the errors below and resubmit.

Something went wrong. Please try again later or contact us.

Personal Information


View resume



Cannabis with confidence