
Security Analyst
Company Overview:
Lightspeed is a leading provider of cloud-based software for dealerships and Original Equipment Manufacturers (OEMs), serving the Powersport, Marine, RV, Trailer, Outdoor Power Equipment, and Golf Cart industries. Lightspeed’s Dealer Management Solution (DMS) enables dealerships to optimize their end-to-end business operations, including sales, parts, service, rentals, accounting, and Customer Relationship Management (CRM). When implemented into their daily operations, Lightspeed helps dealers increase their profitability by selling more units, service, and parts, all while creating a more streamlined experience for customers. For nearly 40 years, Lightspeed has been empowering 4,500+ dealers across North America with the tools and technology they need to manage their dealerships.
The Security Analyst plays a key role in supporting Lightspeed’s security and compliance programs through continuous monitoring, incident response, risk assessment, and policy governance. Working closely with senior analysts, engineering, and cloud teams, this role focuses on detecting and mitigating threats, maintaining SOC 2 control effectiveness, and ensuring third-party vendors meet Lightspeed’s security standards. The ideal candidate combines strong technical proficiency with knowledge of governance, risk management, and compliance frameworks to help maintain a mature, audit-ready security program.
What you’ll do:
- Monitor and triage security alerts from SIEM, EDR, and cloud security platforms.
- Assist in investigating incidents and coordinating containment, eradication, and recovery efforts.
- Perform and document internal risk assessments and track remediation activities to closure.
- Manage and maintain the Vendor Risk Management platform and develop monthly security posture reports and performance metrics.
- Conduct vendor due diligence assessments and manage third-party security reviews.
- Help develop, maintain, and enforce security policies, standards, and procedures that align with NIST CSF 2.0.
- Support vulnerability management by validating scan results and coordinating remediation with system owners.
- Support SOC 2 and NIST control implementation and evidence collection.
- Collaborate with IT, DevOps, and Cloud teams to apply and validate security best practices.
- Manage security awareness platforms and lead phishing campaigns and training.
What you should have:
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent hands-on experience.
- 3–6 years of experience in information security operations, risk management, or compliance.
- Experience supporting SOC 2 or similar frameworks (ISO 27001, NIST CSF).
- Familiarity with SIEM solutions (Splunk, Sentinel, QRadar) and endpoint protection platforms (CrowdStrike, Defender, SentinelOne, etc.).
- Knowledge of GRC principles — policy governance, risk tracking, and control effectiveness.
- Hands-on experience with third-party vendor risk assessments and due-diligence reviews.
- Strong written communication skills for audit documentation and executive reporting.
Preferred Qualifications:
- Certifications such as CompTIA Security+, CySA+, GSEC, CISSP, or CISA.
- Experience with GRC platforms (OneTrust, LogicGate, Vanta, or similar).
- Familiarity with vulnerability management tools (Qualys, Tenable, or Rapid7).
- Exposure to incident management or SOAR systems (ServiceNow, Jira, Splunk Phantom).
- Hands-on experience supporting compliance readiness efforts (SOC 2, GDPR, or CMMC).
Inclusion and Diversity at Lightspeed:
At Lightspeed, we celebrate the uniqueness of every individual and encourage diverse perspectives. We believe that inclusion drives innovation and fosters meaningful connections. We are committed to building an environment where everyone feels valued and empowered to make an impact.
Equal Employment Opportunity Statement:
Lightspeed is an Equal Opportunity Employer and is dedicated to building a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, religion, age, disability, veteran status, or any other protected category.
Important Note:
Applicants must be authorized to work in the U.S.
Ready to apply?
Take the next step in your career—apply today and join a team where your skills will make an impact!
