Team Lead, Security

Lightspeed

πŸ“Remote - Canada

Summary

Join Lightspeed's Security Operations Team as a Team Lead, Security, a player-coach role for a senior technical expert. You will balance hands-on security analysis with leading, mentoring, and developing a team of security analysts. Serve as the primary incident response manager, guiding in-depth analysis of security events, ensuring high-quality end products, and overseeing standard operating procedures. Collaborate with cross-functional teams to resolve incidents and proactively mitigate threats. The ideal candidate is located on the West Coast (PST). This role offers opportunities for growth in both technical and people management.

Requirements

  • Bachelor's degree or equivalent experience in computer science, cybersecurity, network engineering, or a similar field
  • Extensive experience leading security incident response, including managing containment, eradication, and recovery for major incidents
  • Demonstrated experience in mentoring or formally leading a technical team
  • Significant experience using SIEM tools for log analysis and threat detection
  • Significant experience with additional security tools, such as EDR, CSPM, and DLP
  • Significant experience in detection engineering
  • Experience working with large-scale cloud environments (AWS, GCP, etc.)
  • Thorough understanding of threat intelligence sources and how to apply them in security operations
  • Demonstrated ability to work in cross-functional initiatives
  • Strong leadership and mentoring capabilities
  • Excellent communication, collaboration, and interpersonal skills
  • Ability to analyze security events, identify patterns, and make informed decisions
  • Basic scripting or coding skills (e.g. Python) for automating tasks
  • Thoroughness in investigating incidents and assessing risks
  • Extensive knowledge of security principles, access controls (IAM), network security, vulnerability management, and incident response
  • Strong analytical and problem-solving skills
  • Ability to adapt to a complex and ever-changing environment
  • Continuous learning and staying up to date on the latest security trends and threats

Responsibilities

  • Serve as a primary incident response manager during security incidents, leading and coordinating containment, eradication, and recovery efforts
  • Lead, mentor, and manage a team of security operations analysts, fostering a collaborative and high-performance culture across different geographic regions (NOAM & APAC)
  • Conduct weekly one-on-one meetings, enable team members with their deliverables, provide performance feedback, and support the career development of team members
  • Coordinate and manage the team's workload and on-call schedule for incident response
  • Act as the primary escalation point for the security operations team
  • Partner with the Director of Security Operations on strategic initiatives and report on team performance and security posture
  • Communicate effectively with both technical and non-technical stakeholders
  • Advocate for propagating learnings from incidents, as well as security best practices and proactive threat mitigation throughout the organization
  • As a senior technical expert, participate in and provide hands-on support during incident response activities
  • Monitor and triage security alerts from various sources, including SIEM, IDS/IPS, firewalls, and endpoint protection systems, among others
  • Conduct in-depth analysis of security events to identify potential threats and vulnerabilities
  • Develop and implement detection use cases across the corporate environment as well as our array of products
  • Aid in the development and maintenance of standard operating procedures for incident detection and response
  • Enable Security Orchestration and Automated Response by either leveraging low-code tools or creating custom automation scripts
  • Maintain and update security tools and technologies, and identify opportunities for improvement
  • On-call availability for incident response
  • Contribute as part of the wider team to achieve organizational objectives, even if this means doing things that aren't strictly within the scope of your role

Preferred Qualifications

  • Relevant certifications, such as CompTIA Security+ or CISSP, are a plus
  • Fluency in IaC tools (Terraform, CloudFormation, etc.) to automate secure infrastructure deployments is a plus
  • Experience working with CrowdStrike is a plus
  • Experience with protecting team members from social engineering is a plus

Benefits

  • Amazing benefits & perks, including equity for all Lightspeeders
  • Constant development of both your skill-set and business acumen with limitless growth opportunities
  • Lots of autonomy, flexible work culture
  • Innovation time to explore and learn at work
  • Shaping the company by joining cultural & technical committees
  • Tons of growth opportunities into technical or people management roles
  • Opportunity to join a fast-paced, high-growth company
  • Opportunity to learn, expand your skill set, forge wonderful relationships and make your mark within the diverse and inclusive Lightspeed family, a true Canadian tech success story
  • Lightspeed equity scheme (we are all owners)
  • Flexible paid time off and remote work policies
  • Health insurance
  • Contributions to your pension plan - RRSP
  • Health and wellness benefit of $500 per year
  • Paid leave and assistance for new parents
  • Mental health online platform and counseling & coaching services
  • Training opportunities to grow your skills and career
  • Volunteer day
  • Fully stocked kitchen (hot and cold beverages, meals served)
  • Happy hours to build your relationships with colleagues after work
