Security Analyst

Lightspeed DMS, South Jordan, UT

About The Position

Lightspeed is a leading provider of cloud-based software for dealerships and Original Equipment Manufacturers (OEMs), serving the Powersport, Marine, RV, Trailer, Outdoor Power Equipment, and Golf Cart industries. Lightspeed’s Dealer Management Solution (DMS) enables dealerships to optimize their end-to-end business operations, including sales, parts, service, rentals, accounting, and Customer Relationship Management (CRM). When implemented into their daily operations, Lightspeed helps dealers increase their profitability by selling more units, service, and parts, all while creating a more streamlined experience for customers. For nearly 40 years, Lightspeed has been empowering 4,500+ dealers across North America with the tools and technology they need to manage their dealerships.

The Security Analyst plays a key role in supporting Lightspeed’s security and compliance programs through continuous monitoring, incident response, risk assessment, and policy governance. Working closely with senior analysts, engineering, and cloud teams, this role focuses on detecting and mitigating threats, maintaining SOC 2 control effectiveness, and ensuring third-party vendors meet Lightspeed’s security standards. The ideal candidate combines strong technical proficiency with knowledge of governance, risk management, and compliance frameworks to help maintain a mature, audit-ready security program.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent hands-on experience.
  • 3–6 years of experience in information security operations, risk management, or compliance.
  • Experience supporting SOC 2 or similar frameworks (ISO 27001, NIST CSF).
  • Familiarity with SIEM solutions (Splunk, Sentinel, QRadar) and endpoint protection platforms (CrowdStrike, Defender, SentinelOne, etc.).
  • Knowledge of GRC principles — policy governance, risk tracking, and control effectiveness.
  • Hands-on experience with third-party vendor risk assessments and due-diligence reviews.
  • Strong written communication skills for audit documentation and executive reporting.

Nice To Haves

  • Certifications such as CompTIA Security+, CySA+, GSEC, CISSP, or CISA.
  • Experience with GRC platforms (OneTrust, LogicGate, Vanta, or similar).
  • Familiarity with vulnerability management tools (Qualys, Tenable, or Rapid7).
  • Exposure to incident management or SOAR systems (ServiceNow, Jira, Splunk Phantom).
  • Hands-on experience supporting compliance readiness efforts (SOC 2, GDPR, or CMMC).

Responsibilities

  • Monitor and triage security alerts from SIEM, EDR, and cloud security platforms.
  • Assist in investigating incidents and coordinating containment, eradication, and recovery efforts.
  • Perform and document internal risk assessments and track remediation activities to closure.
  • Manage and maintain the Vendor Risk Management platform and develop monthly security posture reports and performance metrics.
  • Conduct vendor due diligence assessments and manage third-party security reviews.
  • Help develop, maintain, and enforce security policies, standards, and procedures that align with NIST CSF 2.0.
  • Support vulnerability management by validating scan results and coordinating remediation with system owners.
  • Support SOC 2 and NIST control implementation and evidence collection.
  • Collaborate with IT, DevOps, and Cloud teams to apply and validate security best practices.
  • Manage security awareness platforms and lead phishing campaigns and training.