Senior Information Security Specialist

Here’s a little song we wrote about you: You're a Security Engineer  with a strong technical background. You'll be taking a leading technical role within Lightspeed in the definition, design and delivery of key security services across the organization's SaaS environments. You'll provide leadership and accountability for a range of deliverables, from initial stakeholder engagement through local governance, to technical implementation. You'll bring in-depth technical understanding and experience of public cloud, API and microservice based architectures to support both the high-level design and low-level engineering of the core security control framework and continuous compliance framework. You're pretty awesome at developing and implementing secure cloud architectures using a risk based cyber security & data privacy strategy, defining a roadmap and operating model that leverages collaboration and company-wide resources.

Now we get to brag about ourselves: Lightspeed provides retailers and restaurateurs the simplest way to build, manage, and grow their business while crafting a better customer experience. Lightspeed empowers small business owners with a complete overview of their business in one place thanks to Lightspeed’s mobile Point of Sale software and eCommerce platform to manage inventory, customer preferences, sales, and analytics to get a complete overview of their business in one place. Founded in 2005 with offices in Canada, USA, and Europe, Lightspeed has received one of the largest funding for a Canadian tech company which has us well positioned to become Canada's next great technology success story. We're passionate about enabling people to do their best work. Come work with us and find out what you can do.

Senior Information Security Specialist

Primary responsibilities

• Work closely with product engineering teams to design solutions that are secure by default
• Lead threat modeling discussions and help teams strike the right balance between security, user experience and product advancement
• Drive high impact, cross-team security initiatives 
• Scale security effort by empowering engineering teams with the right guidance, patterns and training
• Research and understand new threats and attack vectors that impact Lightspeed and work with system owners to craft appropriate detection and remediation initiatives
• Participate and contribute to the security strategy, articulating emerging cyber-attack and other security risks, and specifying the capabilities needed to manage them optimally, while leveraging a cloud-native and cloud-agnostic infrastructure.
• Partner with engineering to identify cyber attack risks in the system and define tactical and strategic mitigation plans, develop business cases for funding security initiatives, and advocate for security positions in key decisions and roadmaps
• Perform technical security assessments, threat modeling, architecture security reviews, and offer technical security guidance as a trusted security engineer
• Become a domain specialist in Lightspeed's technology stack, enthusiastically improving the overall security posture of various assets based on recent security trends

Requirements

• 5+ years of security engineering experience
• Excellent analytical skills. Demonstrable internal and external relationship building skills, and ability to clearly articulate complex security concepts that influence decision making within a diverse corporate culture.
• A solid understanding and experience with AWS and GCP security capabilities.
• Working knowledge and hands-on experience hardening cloud services.
• A solid technical understanding and experience of API and microservice based architectures.
• Strong Knowledge of DevOps and DevSecOps Practices such as having previously worked with container security, cloud providers, Infrastructure as Code (IaC), Cloud Build, Terraform, or other tools.

• Deep security technical knowledge. Expertise with threat modeling, application security assessments and design.
• Proven understanding of the MITRE ATT&CK, NIST CSF, and CIS Critical Control frameworks
• Prior experience working with engineering teams on design and implementation of best-practices
• Extensive experience crafting security controls for new and existing cloud-based products
• Proficiency with Linux systems at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and risk mitigation
• Experience securing network protocol architectures and implementations

Assets

• Worked on the design and implementation of controls for security products
• Proficient at identifying product related vulnerabilities before deployment to production
• Adept at influencing product and engineering direction for improving overall security posture
• Holding a recognized security certification (e.g. CISSP, CSSP, CEH, etc.)

To all recruitment agencies: Lightspeed does not accept unsolicited agency resumes. If we have not directly engaged your company in writing to supply candidates for a specific vacancy, Lightspeed will not be responsible for any fees related to unsolicited resumes.

Where to from here?
Obviously, this has to be mutually beneficial: we want you to step into a role you love, and we want to offer you a place you’re proud to come to every day. For a glimpse into our world check out our career page here.

Lightspeed is building communities through commerce, and we need people from all backgrounds and lived experiences to do that. We were founded in 2005, in Montreal’s gay village and our original members were all part of the LGBTQ+ community. The ethos of our business has been about inclusion from the very beginning, and we strive to provide a workplace where everyone belongs.

Who we are:
Powering the businesses that are the backbone of the global economy, Lightspeed's one-stop commerce platform helps merchants innovate to simplify, scale, and provide exceptional customer experiences. Our cloud commerce solution transforms and unifies online and physical operations, multichannel sales, expansion to new locations, global payments, financial solutions, and connection to supplier networks.

Founded in Montréal, Canada in 2005, Lightspeed is dual-listed on the New York Stock Exchange (NYSE: LSPD) and Toronto Stock Exchange (TSX: LSPD). With teams across North America, Europe, and Asia Pacific, the company serves retail, hospitality, and golf businesses in over 100 countries.