Senior Security Engineer at Distru

United States

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Cybersecurity, Bioinformatics, HealthcareIndustries

Requirements

5+ years of experience in security engineering, DevSecOps, or infrastructure security roles
Deep technical understanding of cloud security (AWS, OCI) and on-prem environments
Experience with container security, CI/CD hardening, key/secret management, and secure software development practices
Hands-on experience with security audits and penetration testing, whether conducted in-house or via third parties
Proven ability to create and execute security certification roadmaps (SOC 2, HIPAA, ISO 27001, etc.)
Strong documentation practices; able to write clear runbooks, security policies, and architecture diagrams
Comfortable working in highly customized, complex environments
Strong understanding of Linux, networking, authentication, and monitoring
Ability to operate autonomously while collaborating across multiple disciplines and technical stacks
Experience using AI or ML tools to enhance security initiatives, such as accelerating threat detection, automating security monitoring, improving anomaly detection, or integrating AI-driven platforms into incident response workflows

Responsibilities

Lead the planning and execution of offensive security testing across web applications, APIs, infrastructure, and networks
Conduct manual and automated penetration testing and vulnerability assessments; document findings and guide remediation
Work with DevOps, architects, and engineering leads to embed security throughout CI/CD, infrastructure, and data workflows
Plan and run regular security audits and threat modeling sessions; coordinate with third-party firms when needed
Proactively identify and resolve security gaps in complex, custom systems spanning cloud and on-prem environments
Design, implement, and maintain security controls, tooling, and detection capabilities that scale with the business
Develop roadmaps for security certifications (e.g., HIPAA, SOC 2, ISO 27001) and lead technical implementation efforts
Manage incident response procedures, conduct postmortems, and implement long-term prevention measures
Create and maintain high-quality documentation for security processes, infrastructure risks, and compliance status
Stay current on threat landscapes, tools, and best practices relevant to ecommerce, health data, and hybrid infrastructures

Skills

Key technologies and capabilities for this role

Penetration TestingVulnerability AssessmentThreat ModelingOffensive SecurityCI/CD SecurityHIPAASOC 2ISO 27001Incident ResponseCloud SecurityOn-Prem SecuritySecurity AuditsWeb Application SecurityAPI Security

Questions & Answers

Common questions about this position

What experience level is required for this Senior Security Engineer role?

The role requires 5+ years of experience in security engineering, DevSecOps, or infrastructure security roles.

What are the key technical skills needed for this position?

Key skills include deep technical understanding of cloud security (AWS, OCI) and on-prem environments, experience with container security, CI/CD hardening, key/secret management, secure software development practices, penetration testing, security audits, Linux, networking, authentication, and monitoring.

Is this a remote position or does it require office work?

This information is not specified in the job description.

What is the salary or compensation for this role?

This information is not specified in the job description.

What makes a strong candidate for this Senior Security Engineer position?

A strong candidate has 5+ years in security roles, hands-on penetration testing and audit experience, proven ability to create security certification roadmaps like SOC 2 and HIPAA, strong documentation skills, and the ability to work autonomously in complex environments while collaborating across teams.

Distru

Software solutions for cannabis manufacturers and distributors

About Distru

Distru provides software solutions tailored for the cannabis industry, focusing on the needs of manufacturers and distributors. Their platform includes features for inventory management, order management, and customer relationship management (CRM), all designed to be accessible on mobile devices and tablets. This ensures that users can manage their operations from anywhere. A key aspect of Distru's software is its integration with Metrc, a system that helps businesses track their products and comply with legal regulations. By offering tools that support the entire process from seed to sale, Distru helps clients improve their operational efficiency and maintain compliance. The company operates on a subscription-based model, charging fees for its software-as-a-service (SaaS) offerings, and aims to provide real-time business insights and comprehensive supply chain management.

Oakland, CaliforniaHeadquarters

2016Year Founded

$8.8MTotal Funding

SERIES_ACompany Stage

Enterprise SoftwareIndustries

11-50Employees

Benefits

Remote Work Options

Health Insurance

Dental Insurance

Vision Insurance

Paid Vacation

Performance Bonus

Risks

Increased competition from new cannabis ERP platforms may dilute market share.

Frequent regulatory changes could raise operational costs for compliance updates.

Rapid tech advancements require continuous innovation, straining Distru's resources.

Differentiation

Distru offers a comprehensive ERP platform tailored for the cannabis industry.

The platform integrates with Metrc for compliance, enhancing legal adherence for clients.

Distru's mobile-friendly design ensures accessibility across various devices and browsers.

Upsides

Recent $6M funding will accelerate product development and state expansion.

Integration with BLAZE reduced Haven's intake processing time by 50%.

Partnership with FundCanna offers clients quick access to capital and technology.

Land your dream remote job 3x faster with AI

Try Jobo Free