COMPANY OVERVIEW

Cresco Labs is one of the largest public, vertically integrated, multistate operators in the cannabis industry. Our portfolio of in-house cultivated and manufactured brands features some of the highest quality, most awarded and most popular cannabis products in America. With dozens of locations nationwide, our owned and operated Sunnyside® dispensaries provide a welcoming, positive, judgement-free place to shop for anyone at any point on their cannabis journey.
Founded in 2013, Cresco Labs’ mission is to normalize and professionalize cannabis through our passionate employees. As stewards of the cannabis industry, our teams are constantly focused on supporting the needs of our fellow colleagues, consumers, customers, and communities alike. With a focus on Social Equity and Educational Development, our SEEDTM initiative ensures that our company reflects the communities in which we serve, ensuring equal opportunity for all to have the knowledge and resources to work in and own businesses in cannabis.
At Cresco Labs, we aim to revolutionize and lead the nation’s cannabis industry with a focus on quality and consistency of product, and to bring legitimacy to the industry with the highest level of integrity and professionalism.
If you’re interested in joining our mission, click the below links to join our team today!

JOB SUMMARY

The IT Security Engineer Role will report directly to the Sr IT Security Manager. The primary focus of this role will be to support the compliance requirements of the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley Act (SOX) for the business. Key activities for the role include planning and implementing security policy and procedure, assessing and addressing security vulnerabilities, responding to security incidents, monitoring security performance, engineering cybersecurity architecture, and developing and implementing Cresco’s information security strategy.

REQUIRED EXPERIENCE, EDUCATION AND SKILLS

• Experience with security frameworks (HIPAA, SOC 2, HiTrust, NIST, ISO27001).
• Security certification strongly preferred; examples include Microsoft Certified: Azure Security Engineer Associate, CompTIA Security+, ISC2 certifications, or GIAC certifications such as GSEC, GCIA, or GMON.
• Technical expertise in computer networking, Microsoft Azure, and Microsoft 365 cloud environments, including configuration, management, and security best practices.
• Demonstrates strong organizational skills and the ability to communicate effectively through clear, concise written and verbal communication.
• Self-motivated and proactive, with the ability to work independently, take ownership of projects, and drive tasks to completion with minimal supervision.
• Bachelor’s degree in MIS, Computer Science, or Cybersecurity preferred, or sufficient experience in relevant fields.

ADDITIONAL REQUIREMENTS

• Must be 21 years of age or older to apply
• Must comply with all legal or company regulations for working in the industry
  Cresco Labs is an Equal Opportunity Employer and all applicants will be considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

CORE JOB DUTIES

• Collaborate with Information Security and other IT teams to identify security risks, control gaps, and system vulnerabilities, and lead efforts to remediate issues in a timely and effective manner. Continuously develop strong controls around Identity and Access Management (IAM), such as creating conditional access policies, identity governance practices, and privileged access management policies.
• Support IT General Controls (ITGC) activities by creating and maintaining audit-ready documentation, including detailed architectural diagrams and technical materials that illustrate security controls, data flows, and system integrations. Collaborate with internal and external auditors to ensure compliance with security and governance standards.
• Administer and maintain core security and compliance tools across the Microsoft ecosystem, including Microsoft Entra ID, Microsoft Defender (Endpoint, Cloud, O365), Microsoft Purview, Microsoft Sentinel, Tanium, and other Microsoft Azure services.
• Ensure consistent configuration, monitoring, and policy enforcement across Microsoft 365 and Azure environments.
• Secure network and endpoint environments by managing Cisco Meraki firewalls, ACLs, and VPNs, implementing intrusion detection/prevention systems (IDS/IPS), and maintaining endpoint protection solutions to ensure robust threat defense and network segmentation.
• Assist the Security Operations Center (SOC) in monitoring SIEM alerts, investigating security. events, and responding to incidents to ensure timely threat detection and remediation.
• Rotating on-call schedule to allow for cross coverage.