Senior Information Security Specialist
Toronto, Ontario, Canada
Applications have closed
Lightspeed Commerce
Lightspeed is the fast, intuitive POS and payments platform helping the world’s best retail, hospitality and golf businesses get even better.
Here’s a little song we wrote about you: You're a Security Engineer with a strong technical background. You'll be taking a leading technical role within Lightspeed in the definition, design and delivery of key security services across the organization's SaaS environments. You'll provide leadership and accountability for a range of deliverables, from initial stakeholder engagement through local governance, to technical implementation. You'll bring in-depth technical understanding and experience of public cloud, API and microservice-based architectures to support both the high-level design and low-level engineering of the core security control framework and continuous compliance framework. You're pretty awesome at developing and implementing secure cloud architectures using a risk-based cyber security & data privacy strategy, defining a roadmap and operating model that leverages collaboration and company-wide resources.
Now we get to brag about ourselves: Lightspeed provides retailers and restaurateurs the simplest way to build, manage, and grow their business while crafting a better customer experience. Lightspeed empowers small business owners with a complete overview of their business in one place, thanks to Lightspeed’s mobile Point of Sale software and eCommerce platform for managing inventory, customer preferences, sales, and analytics. Founded in 2005 with offices in Canada, USA, and Europe, Lightspeed has received some of the largest funding for a Canadian tech company, which has us well positioned to become Canada's next great technology success story. We're passionate about enabling people to do their best work. Come work with us and find out what you can do.
Primary responsibilities
- Work closely with product engineering teams to design solutions that are secure by default
- Lead threat modeling discussions and help teams strike the right balance between security, user experience and product advancement
- Drive high impact, cross-team security initiatives
- Scale security effort by empowering engineering teams with the right guidance, patterns and training
- Research and understand new threats and attack vectors that impact Lightspeed and work with system owners to craft appropriate detection and remediation initiatives
- Participate in and contribute to the security strategy, articulating emerging cyber-attack and other security risks, and specifying the capabilities needed to manage them optimally, while leveraging a cloud-native and cloud-agnostic infrastructure
- Partner with engineering to identify cyber attack risks in the system and define tactical and strategic mitigation plans, develop business cases for funding security initiatives, and advocate for security positions in key decisions and roadmaps
- Perform technical security assessments, threat modeling, architecture security reviews, and offer technical security guidance as a trusted security engineer
- Become a domain specialist in Lightspeed's technology stack, enthusiastically improving the overall security posture of various assets based on recent security trends
Requirements
- 5+ years of security engineering experience
- Excellent analytical skills. Demonstrable internal and external relationship-building skills, and ability to clearly articulate complex security concepts that influence decision making within a diverse corporate culture
- A solid understanding of and experience with AWS and GCP security capabilities
- Working knowledge and hands-on experience hardening cloud services
- A solid technical understanding and experience of API and microservice-based architectures
- Strong knowledge of DevOps and DevSecOps practices, such as having previously worked with container security, cloud providers, Infrastructure as Code (IaC), Cloud Build, Terraform, or other tools
- Deep security technical knowledge. Expertise with threat modeling, application security assessments and design
- Proven understanding of the MITRE ATT&CK, NIST CSF, and CIS Critical Control frameworks
- Prior experience working with engineering teams on design and implementation of best practices
- Extensive experience crafting security controls for new and existing cloud-based products
- Proficiency with Linux systems at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and risk mitigation
- Experience securing network protocol architectures and implementations
Assets
- Worked on the design and implementation of controls for security products
- Proficient at identifying product-related vulnerabilities before deployment to production
- Adept at influencing product and engineering direction for improving overall security posture
- Holding a recognized security certification (e.g. CISSP, CSSP, CEH, etc.)
To all recruitment agencies: Lightspeed does not accept unsolicited agency resumes. If we have not directly engaged your company in writing to supply candidates for a specific vacancy, Lightspeed will not be responsible for any fees related to unsolicited resumes.
Where to from here?
Obviously, this has to be mutually beneficial: we want you to step into a role you love, and we want to offer you a place you’re proud to come to every day. For a glimpse into our world check out our career page here.
Lightspeed is building communities through commerce, and we need people from all backgrounds and lived experiences to do that. We were founded in 2005, in Montreal’s gay village and our original members were all part of the LGBTQ+ community. The ethos of our business has been about inclusion from the very beginning, and we strive to provide a workplace where everyone belongs.
Who we are:
Powering the businesses that are the backbone of the global economy, Lightspeed's one-stop commerce platform helps merchants innovate to simplify, scale, and provide exceptional customer experiences. Our cloud commerce solution transforms and unifies online and physical operations, multichannel sales, expansion to new locations, global payments, financial solutions, and connection to supplier networks.
Perks/benefits: Career development