\nAbout Buoy Software\n\n\nOur mission is to deliver the best experience possible to as many donors of blood products (such as plasma) as possible, in as many communities as possible. We use our understanding of blood product donation and the industry’s regulations and pair them with our extensive consumer product experience to enrich the lives of our members and improve health outcomes for patients everywhere. \n\n\nIn an industry that hasn’t seen innovation in more than two decades, Buoy’s software streamlines the donation process allowing our business to promote loyalty while improving efficiency in a donation center. In turn, the increase in blood product donations improves a supply level that is at an all time low, and allows for blood-product derived biotherapies to continue to evolve, improve, and save lives for those who face life-threatening conditions (i.e. immune deficiencies and blood disorders). Without an increase in blood product donations, we are facing a worldwide health crisis that ultimately results in rationing of care without the proper resources. Buoy Software is excited to be playing more of a role in improving the state of blood products and blood product donations.\n\n\nWe’re working alongside Join Parachute ([www.joinparachute.com/](http://www.joinparachute.com/)) in the opening of small market donation centers across the country that will create local donation center careers, opportunities to donate blood products, and provide financial compensation for those donations that will have a positive economic impact in those communities. \n\n\nThe need for blood products is growing rapidly. We want to close the gap in blood product supply and demand by empowering organizations with the right tools. Buoy is the intuitive, data-driven mobile application for donors.\n\n\nAbout The Role\n\n\nWe're looking for a Security and Risk Engineer to join our team. You should be someone who is comfortable and experienced in risk management and code review. This role will work closely with specific product engineering pods, owning all security controls and documentation for assigned pods. You should have an eye for continuous improvement, risk and vulnerability management, and security compliance.\n\n\n\nWhat you’ll do:\n* Oversee vulnerability and security risk management including, but not limited to, vulnerability and risk identification/assessment, crafting mitigation proposals, tracking mitigation status, and testing and validating mitigation methods\n* Oversee security compliance activities including, but not limited to, hazard analyses, threat modeling, root cause analysis, and creating, updating, and maintaining policies and other relevant documentation\n* Manage continuous monitoring and auditing processes to detect and respond to security incidents\n* Perform code assessments to determine any impacts for Buoy’s applications\n* Responsible for defining, implementing, evaluating, and maintaining the effectiveness of security and risk controls\n* Identify current and emerging issues including security trends, vulnerabilities, and threats\n* Collaborate with team members and stakeholders on projects and audits\n* Design security controls that increase operational efficiency and reduces the likelihood of control failure\n* Perform third party security assessments\n* Educate and train staff on security best practices\n\n\n\nWho you are: \n* You have experience with threat modeling analysis such as STRIDE and Attack Tree methodologies.\n* You have experience with software as a service.\n* You are a self starter. You enjoy working in an environment where you have a lot of autonomy. You are not one to wait around to be given work, but are always looking for ways in which you can provide support for your colleagues.\n* You can adapt to change quickly and thrive in an environment where every day is different / you own a variety of tasks.\n* You are a team player. Everyone contributes within the Buoy team, and you want to help the team get the job done when needed, regardless of initial ownership.\n* You are professional in your collaboration and communication methods. You can represent Buoy and our values both internally and externally (with vendors / partners) as needed.\n\n\n\nIn the first 30 days, you will…\n* Be introduced to the team - we’ll help you start to get to know your colleagues, point of contacts for various scenarios, understanding dynamics within the broader org.\n* Learn how Buoy Software operates internally - we’ll help you get accustomed to Buoy’s process, engineering terminology, and other cultural aspects of working here.\n* Go through product demos to start to understand Buoy Software and how it works for both donors experience and donor processing.\n* Begin meeting with and getting to know your direct manager who will share various projects and goals for this role to provide guidance as you settle into the position.\n* Review existing security documentation and determine gaps or improvements.\n* Hit the ground running!\n\n\n\nIn the first 60 days, you will…\n* Understand goals for your respective pods over the next 6 - 12 months.\n* Begin implementing solutions for gaps identified and performing all duties related to continuous management of security for your pods.\n* Become more familiar with workflows and processes.\n* Become more autonomous as you work with your pods and other stakeholders.\n* Start to define timelines for various projects with your manager to help prioritize your focus and align them with the goals for this role.\n* Begin to suggest changes and improvements to the security program and/or internal processes.\n\n\n\nIn the first 90 days, you will…\n* Meet with stakeholders across the broader Buoy Software organization.\n* Become more familiar with the other departments across Buoy Software (including leadership, support, customer success, marketing, and people ops).\n\n\n\n\n\n$120,000 - $140,000 a year\n\nWhere you'll be\nWe are fully remote. We deeply believe in distributed teams at Buoy. We build projects around motivated individuals. We give our team the environment, support and trust they need to get the job done. \n\n\nWe are only considering candidates currently based in the United States at this time. \n\n\n---\nEmployment at Buoy Software is contingent upon achievement of satisfactory results on your background check and reference check and your ability to provide proof of your identity and eligibility to accept employment in the United States. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Developer, Testing, Mobile and Engineer jobs that are similar:\n\n $60,000 — $102,500/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nRemote

\nGreen Thumb owns and operates RISE Dispensaries, a fast-growing national cannabis retailer that promotes social conscience, community impact and well-being through the power of cannabis. Since opening its doors in 2015, RISE has grown its national footprint to 80+ retail locations and serves millions of patients and customers each year, offering a wide variety of products and award-winning brands. RISE Dispensaries lead innovative access to cannabis by offering home delivery, virtual pharmacist consultations, mobile pre-ordering and the first consumption lounge east of the Mississippi at RISE Mundelein, Illinois. More information is available at risecannabis.com.\n\nThe Role \n\nGTI has opportunities for a Security Operations Center (SOC) Specialist. The Security Operations Specialist will be responsible for maintaining the safety and security of our operation, ensuring compliance with regulatory standards, and managing business continuity in cases of disruptions.  The successful candidate will be expected to monitor and respond to security incidents, conduct investigations, develop and implement security programs, and communicate with internal and external partners as necessary. The ideal SOC Specialist is a process-driven individual that has a passion for analysis, problem-solving, communication, and collaboration.  \n\nResponsibilities \n\n\nSOC Specialists provide proactive support to business operations and serve as triage specialists responding to all types of business disrupting events.  Must display exceptional quality customer service and communication skills. \n\nAbility to handle both common and crisis situations calmly and efficiently. \n\nCentrally coordinate and support field response to all disruptions: security incidents, compliance issues, health & life safety events, site & infrastructure issues, and natural disasters. \n\nProactively monitor CCTV cameras and security systems to ensure safety, compliance, and business operations requirements. \n\nContinuously monitor the environment, analyze risk, and provide situational awareness to the organization.  Performs risk assessments, team member escorts, emergency response and regular remote assessments to identify security and safety hazards and policy violations. \n\nCommunicates incidents to employees and executive leadership, using clear and concise written and verbal communications. \n\nMonitor alarm response for various types of alarms, escalating notifications as necessary and dispatching emergency response as necessary. \n\nProvide operational support, maintenance management, and ticket troubleshooting for all security related systems including CCTV, access control, alarms, safes, mobile tracking technologies. \n\nConduct routine alarm testing and remote audits. Update user credentials.  Support remote programming and overrides. Maintain daily logs and prepares and provides reports as required. \n\nCoordinate all service calls for security related equipment through field response vendor network. \n\nExecute incident management protocols and facilitate case management processes for incidents. \n\nPartner with our Asset Protection Solutions team to define and implement processes and standard work for the security operations function, including security playbook development, emergency operation plans, and other business continuity plans. \n\nLiaise with local law enforcement and other first responders during incidents and provide incident notification during events. \n\nMaintain current and applicable training on systems in use in order to provide proper guidance to business operators; accurately maintain control of all equipment and credentials at the SOC. \n\nWork with leadership to identify process and quality improvements and productivity and cost reduction opportunities. \n\n\n\n\nQualifications  \n\n\nHigh School Diploma or equivalent. College degree preferred. \n\n3 or more years of progressively responsible and relevant work experience; experience working in a Dispatch or Emergency Operations Center preferred. \n\nExperience using CCTV and alarm monitoring software in coordination with a communications center or Security Operations Center. \n\nDemonstrated knowledge of security systems for access control, CCTV systems, badging systems, alarm monitoring systems \n\nExperience or familiarity with corporate intelligence, military intelligence or government intelligence agencies desired but not needed. \n\nAbility to effectively communicate verbally or in writing in a clear and concise manner while in stressful situations. \n\nAbility to work nights/weekends; flexibility to work all shifts, and willing to assist the team with overtime when needed. \n\nComfortable working with ambiguity. \n\nAdapts and thrives in a demanding, fast-paced environment. \n\nOperates with a high level of professionalism and integrity, including dealing with confidential information. \n\nPossesses a high level of critical thinking. \n\nMust understand and comply with the rules, regulations, policies, and procedures of Green Thumb. \n\nAbility work 4 shifts a week for 10 hours each day.\n\n\n\n\nAdditional Requirements \n\n\nMust pass all required background checks  \n\nMust be and remain compliant with all legal or company regulations for working in the industry  \n\nMust possess valid driver’s license \n\nMust be a minimum of 21 years of age \n\nMust be approved by state badging agency to work in cannabis industry \n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Testing, Mobile and Legal jobs that are similar:\n\n $50,000 — $110,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nMundelein, Illinois, United States