Hi there! Thanks for stopping by 👋
Are you actively looking for a new opportunity? Or just checking the market? Well… you might just be in the right place!
We are looking for a Staff Application Security Specialist to join our team. Within the Security team, you will improve the robustness of our security engineering practices, tools and product while building a healthy security culture across Lightspeed.
In this role you will be providing support to deliver the Information Security program by leading and empowering a team of information security subject matter experts, and collaboratively working with various Lightspeed business functions. You will be managing the maturation of the security and compliance program, delivering alignment with the Information Security requirements in support of Lightspeed business objectives.
You will be responsible for:
- ascertaining the level of security and reliability of the assets
- supporting application security services
- automating security tasks throughout the software development lifecycle
- mentoring, training stakeholders on application, infrastructure, mobile, network security risks and security concepts
We’re not an ordinary company, so we don’t expect you to be either. If you love learning new stuff and enjoy digging into hard work - keep on reading!
We’re passionate about enabling people to do their best work. We dream big and we’re looking for people who do the same. With us, career milestones happen often and we celebrate every one. Come work with us and find out where your career will take you at Lightspeed!
We are a lean, multidisciplinary team driving to be progressive in our approach to security and the security culture at Lightspeed. Our mission is to cultivate trust with people by keeping their data and systems resilient to threats.
- Support and evolve the bug bounty program.
- Lead application security reviews and threat modeling, including SAST/DAST/SCA.
- Lead in development of automated security testing to validate that secure coding best practices are being used.
- Guide and advise product development teams as SME in the area of application security.
- Develop security training and socialize the material with internal development teams.
- Participate and assist in addressing vulnerabilities within functional areas.
- Maintain and deliver metrics for measurable results and continuous improvements.
- Strong understanding of OWASP, Secure Coding practices and API Security.
- Development and scripting experience.
- Be a subject matter expert of a technical area impacting the security of the product.
- Strong experience working closely with developers.
- Experience with Vulnerability validation, triage and remediation, WebApp Pen Testing, WAF rules development.
- DevSecOps mindset.
- Experience with Cloud technologies, supply chain and CI/CD Pipelines.
- Knowledge of encryption concepts and cryptographic key management.
What's in It for You?
- Lots of autonomy, flexible work culture and possibility of remote work
- Development of very high traffic products, used at the global scale
- Exposure to modern and proven technology
- Tons of growth opportunities into technical or people management roles
- Amazing benefits & perks, including equity for all Lightspeeders
- Opportunity to join a fast-paced, high-growth company
- Opportunity to learn, expand your skill set, forge wonderful relationships and make your mark within the diverse and inclusive Lightspeed family, a true Canadian tech success story.
To all recruitment agencies: Lightspeed does not accept unsolicited agency resumes. If we have not directly engaged your company in writing to supply candidates for a specific vacancy, Lightspeed will not be responsible for any fees related to unsolicited resumes.
Where to from here?
Obviously, this has to be mutually beneficial: we want you to step into a role you love, and we want to offer you a place you’re proud to come to every day. For a glimpse into our world check out our career page here.
Lightspeed is building communities through commerce, and we need people from all backgrounds and lived experiences to do that. We were founded in 2005, in Montreal’s gay village and our original members were all part of the LGBTQ+ community. The ethos of our business has been about inclusion from the very beginning, and we strive to provide a workplace where everyone belongs.
Who we are:
Powering the businesses that are the backbone of the global economy, Lightspeed's one-stop commerce platform helps merchants innovate to simplify, scale, and provide exceptional customer experiences. Our cloud commerce solution transforms and unifies online and physical operations, multichannel sales, expansion to new locations, global payments, financial solutions, and connection to supplier networks.