Staff Application Security Specialist

Hi there! Thanks for stopping by 👋

Are you actively looking for a new opportunity? Or just checking the market? Well… you might just be in the right place!

We are looking for a Staff Application Security Specialist to join our team. Within the Security team, you will improve the robustness of our security engineering practices, tools and product while building a healthy security culture across Lightspeed. 

In this role you will be providing support to deliver the Information Security program by leading and empowering a team of information security subject matter experts, and collaboratively working with various Lightspeed business functions. You will be managing the maturation of the security and compliance program, delivering alignment with the Information Security requirements in support of Lightspeed business objectives.

You will be responsible for:

• ascertaining the level of security and reliability of the assets
• supporting application security services
• automating security tasks throughout the software development lifecycle
• mentoring, training stakeholders on application, infrastructure, mobile, network security risks and security concepts

We’re not an ordinary company, so we don’t expect you to be either. If you love learning new stuff and enjoy digging into hard work - keep on reading!

We’re passionate about enabling people to do their best work. We dream big and we’re looking for people who do the same. With us, career milestones happen often and we celebrate every one. Come work with us and find out where your career will take you at Lightspeed!

We are a lean, multidisciplinary team driving to be progressive in our approach to security and the security culture at Lightspeed. Our mission is to cultivate trust with people by keeping their data and systems resilient to threats.

Primary Responsibilities

• Be a subject matter expert to engineers empowering them to prevent weaknesses before they are shipped to our retailers
• Write code to develop security tools and libraries, to help integrate security early into the software development lifecycle
• Perform code reviews and penetration testing on our internal and external applications
• Help manage vulnerability reports from external security researchers through our bug bounty program
• Threat model existing applications
• Drive our secure SDLC program with product development teams ensuring secure coding practices, SAST, DAST, and pentesting activities occur consistently and remediations are prioritized
• Balance security risk and product advancement
• Assist in incident response when a security event occurs

Requirements

• Technical knowledge of security engineering, identity and access management, applied cryptography, and security protocols
• Knowledge of, and hands-on experience with application threat modeling, web application vulnerabilities and secure code reviews
• Knowledge of defensive security tools, techniques and procedures such as vulnerability scanning, IPS/IDS, WAF, etc.
• Knowledge of encryption concepts and cryptographic key management
• Knowledge of cloud infrastructure services such as AWS, GCP
• Previous software engineering experience in a production environment
• You can read, write, test and break code in one or more languages, ideally a mix of scripting languages and compiled languages, e.g. Python and Go
• Acting responsibly with sensitive and confidential information, and appreciate that some black-hat hackers work at unsociable hours

What's in It for You?

• Lots of autonomy, flexible work culture and possibility of remote work
• Development of very high traffic products, used at the global scale 
• Exposure to modern and proven technology 
• Tons of growth opportunities into technical or people management roles
• Amazing benefits & perks, including equity for all Lightspeeders
• Opportunity to join a fast-paced, high-growth company
• Opportunity to learn, expand your skill set, forge wonderful relationships and make your mark within the diverse and inclusive Lightspeed family, a true Canadian tech success story.

To all recruitment agencies: Lightspeed does not accept unsolicited agency resumes. If we have not directly engaged your company in writing to supply candidates for a specific vacancy, Lightspeed will not be responsible for any fees related to unsolicited resumes.

Where to from here?
Obviously, this has to be mutually beneficial: we want you to step into a role you love, and we want to offer you a place you’re proud to come to every day. For a glimpse into our world check out our career page here.

Lightspeed is building communities through commerce, and we need people from all backgrounds and lived experiences to do that. We were founded in 2005, in Montreal’s gay village and our original members were all part of the LGBTQ+ community. The ethos of our business has been about inclusion from the very beginning, and we strive to provide a workplace where everyone belongs.

Who we are:
Lightspeed (TSX/NYSE: LSPD) powers the businesses that are the backbone of the global economy.

Our one-stop commerce platform transforms and unifies digital and physical operations by enabling multichannel sales, expansion to new locations, global payments, financial solutions and connection to supplier networks. With the Lightspeed commerce platform, merchants in retail and hospitality can build thriving businesses for the future.

Headquartered in Montréal, Canada, Lightspeed is trusted by favourite local businesses, where the community goes to shop and dine in over 100 countries. Lightspeed has offices in Canada, the USA, Europe, Russia and APAC.

We’re passionate about enabling people to do their best work. We dream big and we’re looking for people who do the same. With us, career milestones happen often and we celebrate every one. Come work with us and find out where your career will take you at Lightspeed!