Security Engineer II


Unfortunately this job has expired.

Unfortunately the vacancy for Security Engineer II has been filled or closed by Curaleaf, but don't worry, we can still help! We'll collect some similar roles below for you.

Job Description

Curaleaf Holdings, Inc. (CSE: CURA) (OTCQX: CURLF) ("Curaleaf") is a leading international provider of consumer products in cannabis, with a mission to improve lives by providing clarity around cannabis and confidence around consumption. As a high-growth cannabis company known for quality, expertise, and reliability, the company and its brands, including Curaleaf and Select provide industry-leading service, product selection, and accessibility across the medical and adult-use markets. In the United States, Curaleaf currently operates in 23 states with 130 dispensaries, 25 cultivation sites, and over 30 processing sites, and employs over 5,000 team members. Curaleaf International is the leading vertically integrated cannabis company in Europe with a unique supply and distribution network throughout the European market, bringing together pioneering science and research with cutting-edge cultivation, extraction, and production.  Home | Curaleaf | Cannabis with Confidence

Our corporate social responsibility is Rooted In Good  Diversity, Equity, Inclusion + Social Equity + Sustainability Social Responsibility | Curaleaf | Cannabis with Confidence We believe in taking corporate and social responsibility very seriously, from our educational outreach to national partnerships, state-wide initiatives and local causes. Giving back to the communities where we operate is important to us, and helps to change old attitudes by showing the positive impact of cannabis in creating jobs, changing lives, and helping local communities.

We educate. We advocate. We give.

Job Summary:

The Security Engineer is a member of the IT security operations team and works closely with the other members of the IT security team in support of a comprehensive IT security program. This role is an experienced-level engineer that is responsible for monitoring various IT security appliances to identify events that require escalated analysis, address tickets and review suspicious activity. The Security Engineer reports to the Director of Information Technology Security for Curaleaf.

Duties include planning and implementing security measures and policies to protect computer systems, networks and data.  The security engineer is expected to stay up-to-date on the latest intelligence, including hackers’ methodologies, to anticipate security breaches. The Security Engineer is  responsible for researching new technologies that will effectively protect a network.  This position also is responsible for helping to analyze manage and follow-up on security incidents.

The Security Engineer will have experience in executing the full compliment of Information Security solution identification and implementation from requirements definition, to architecture, design, implementation, and test through deployment and operations and support.

Essential Job Functions:

  • Perform the necessary efforts to analyze, assess, evaluate, integrate, improve, implement, test, sustain, and maintain the system IT security posture and capabilities.
  • Review and address security tickets such as phishing reports, scanning requests, malware reports, etc.
  • Perform all necessary IT domain activities to ensure the system baselines follow the respective network domain mandated standards, and authorization to connect requirements.
  • Develop and document security design artifacts and the associated security controls that are meeting the security acceptance criteria.
  • Assist with risk assessments.
  • Assist with security test evaluations and audits.
  • Analyze and contribute to security requirements for information protection for enterprise systems and networks.
  • Assist in the development of security policies.
  • Analyze the sensitivity of information and perform vulnerability and risk assessments based on defined sensitivity and information flow.
  • Assess security risk, research and recommend countermeasures in accordance with Curaleaf requirements, conduct formal security assessments and security assessments.
  • Participate in incident management bridge calls and chats with production management, application development, infrastructure teams, and senior leadership with the purpose of remediating incidents quickly.
  • Adhere to critical process and procedure, and appropriate escalations in support of production incidents.
  • Apply technical and environmental knowledge and experience to develop and drive appropriate work streams, forming paths to resolution.
  • Create clear and concise communications, summarizing incidents and the business/customer experience to a wide group of technical and non-technical audiences.
  • Ensure incident data is accurately captured and documented in the incident recording tools.
  • Priming appropriate materials and follow-ups to hand off to the Root Cause Analysis phase in the Problem Management process.



  • Minimum Security+ or equivalent certifications
  • Minimum of 2-3 years of experience in Information Security and AA/AS degree

Knowledge, Skills, & Abilities:

  • Have knowledge of Encryption, DLP, Endpoint Protection and CASB
  • Proficient with web content filtering
  • Capable of creating security documentation and SOPs
  • Proficient in Microsoft O365 and Azure AD
  • Knowledge of ticketing systems
  • Knowledge of Microsoft Defender Suite is preferred
  • Experience with vulnerabily scanners
  • Basic knowledge of networks and the OSI model

This job description should not be interpreted as all-inclusive; it is intended to identify major responsibilities and requirements of the job. The employee in this position may be requested to perform other job-related tasks and responsibilities than those stated above. 

Hiring range for this position is $81,000.00 - $98,000.00 per year.




Curaleaf is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.