IT Security Engineer

Job description

COMPANY OVERVIEW

Cresco Labs is one of the largest public, vertically integrated, multistate operators in the cannabis industry. Our portfolio of in-house cultivated and manufactured brands features some of the highest quality, most awarded and most popular cannabis products in America. With dozens of locations nationwide, our owned and operated Sunnyside® dispensaries provide a welcoming, positive, judgement-free place to shop for anyone at any point on their cannabis journey.

Founded in 2013, Cresco Labs’ mission is to normalize and professionalize cannabis through our passionate employees. As stewards of the cannabis industry, our teams are constantly focused on supporting the needs of our fellow colleagues, consumers, customers, and communities alike. With a focus on Social Equity and Educational Development, our SEEDTM initiative ensures that our company reflects the communities in which we serve, ensuring equal opportunity for all to have the knowledge and resources to work in and own businesses in cannabis.

At Cresco Labs, we aim to revolutionize and lead the nation’s cannabis industry with a focus on quality and consistency of product, and to bring legitimacy to the industry with the highest level of integrity and professionalism.

If you’re interested in joining our mission, click the below links to join our team today!

MISSION STATEMENT

At Cresco, we aim to lead the nation’s cannabis industry with a focus on regulatory compliance, product consistency, and customer satisfaction. Our operations bring legitimacy to the cannabis industry by acting with the highest level of integrity, strictly adhering to regulations, and promoting the clinical efficacy of cannabis. As Cresco grows, we will operate with the same level of professionalism and precision in each new market we move in to.

JOB SUMMARY

The IT Security Engineer Role will report directly to the Sr IT Security Manager. The primary focus of this role will be to support the compliance requirements of the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley Act (SOX) for the business.Key activities for the role include planning and implementing security policy and procedure, assessing and addressing security vulnerabilities, responding to security incidents, monitoring security performance, engineering cybersecurity architecture, and developing and implementing Cresco’s information security strategy.

CORE JOB DUTIES

• Collaborate with Information Security and other IT teams to identify security risks, control gaps, and system vulnerabilities, and lead efforts to remediate issues in a timely and effective manner. Continuously develop strong controls around Identity and Access Management (IAM), such as creating conditional access policies, identity governance practices, and privileged access management policies.

• Support IT General Controls (ITGC) activities by creating and maintaining audit-ready documentation, including detailed architectural diagrams and technical materials that illustrate security controls, data flows, and system integrations. Collaborate with internal and external auditors to ensure compliance with security and governance standards.

• Administer and maintain core security and compliance tools across the Microsoft ecosystem, including Microsoft Entra ID, Microsoft Defender (Endpoint, Cloud, O365), Microsoft Purview, Microsoft Sentinel, Tanium, and other Microsoft Azure services.

• Ensure consistent configuration, monitoring, and policy enforcement across Microsoft 365 and Azure environments.

• Secure network and endpoint environments by managing Cisco Meraki firewalls, ACLs, and VPNs, implementing intrusion detection/prevention systems (IDS/IPS), and maintaining endpoint protection solutions to ensure robust threat defense and network segmentation.

• Assist the Security Operations Center (SOC) in monitoring SIEM alerts, investigating security. events, and responding to incidents to ensure timely threat detection and remediation.

• Rotating on-call schedule to allow for cross coverage.

REQUIRED EXPERIENCE, EDUCATION AND SKILLS

• Experience with security frameworks (HIPAA, SOC 2, HiTrust, NIST, ISO27001).

• Security certification strongly preferred; examples include Microsoft Certified: Azure Security Engineer Associate, CompTIA Security+, ISC2 certifications, or GIAC certifications such as GSEC, GCIA, or GMON.

• Technical expertise in computer networking, Microsoft Azure, and Microsoft 365 cloud environments, including configuration, management, and security best practices.

• Demonstrates strong organizational skills and the ability to communicate effectively through clear, concise written and verbal communication.

• Self-motivated and proactive, with the ability to work independently, take ownership of projects, and drive tasks to completion with minimal supervision.

• Bachelor’s degree in MIS, Computer Science, or Cybersecurity preferred, or sufficient experience in relevant fields.

BENEFITS

Cresco Labs is proud to offer eligible employees a robust offering of benefits including, major medical, dental and vision insurance, a 401(K)-match program, FSA/HSA programs, LTD/STD options, life insurance and AD&D.  We also offer eligible employees paid holidays and paid time off.  Other rewards may include annual discretionary bonuses, stock options as well as participation in our employee discount program. Benefits eligibility for permanent positions may vary by full-time or part-time roles, location, or position.

In accordance with any local and state compensation laws, the compensation listed is the current estimated range for the position. Final offer details and future compensation may be determined by multiple factors including but not limited to, geographic location, market compensation data, skills, experience, and other relevant factors. For questions about this please discuss with your recruiter during the interview process.

Pay Range

$81,000—$121,000 USD

ADDITIONAL REQUIREMENTS

• Must be 21 years of age or older to apply
• Must comply with all legal or company regulations for working in the industry

Cresco Labs is an Equal Opportunity Employer and all applicants will be considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

California Consumer Privacy Act (“CCPA”) Notice to Applicants:

Please read the California Employee Privacy Notice (“CA Privacy Notice”) regarding Sunnyside* and its affiliate Cresco Labs’ policies pertaining to the collection, use, and disclosure of personal information. This CA Privacy Notice supplements the information contained in the Sunnyside* Privacy Policy and applies to California resident employees and job applicants. Applicants with disabilities may access this notice in an alternative format by contacting [email protected]

Reporting a Scam: Cresco Labs is aware of fictitious employment offers being circulated from various sources. Many of these schemes consist of an alleged offer of employment with Cresco Labs with the intention of gaining personal information, including payment and/or banking information. Be aware that fraudulent job offers and correspondence may appear legitimate: they may feature a Cresco Labs logo, they may appear to originate from an official-looking email address or web site, or they may be sent by individuals purporting to represent Cresco Labs or an entity which includes the word Cresco Labs in its name. Please note that Cresco Labs does not ask for payment or personal banking information as a condition of employment. Any personal information is requested for payroll or state badging purposes only. Applications can be securely submitted through our career’s pages.

We are working diligently to block this from happening. Beware if an offer of employment looks too good to be true. Never divulge personal and banking information or send money if you are unsure of the authenticity of an email or other communication in the name of Cresco Labs.

If you are in doubt, please contact us at [email protected] with questions.