Senior Security Engineer
Lightspark
The Internet lacks a protocol for money. Lightspark is building the tools and services to make it happen. Lightspark builds enterprise-ready infrastructure for open payments for the Internet at scale using the Lightning Network. An always-on, low-cost, universal payment network will completely transform how money is moved, enabling businesses and developers to transform existing solutions and build new financial systems, services, and processes accessible to everyone, transcending geographical restraints. Lightspark is headquartered in Los Angeles, California, but serves the world.
At Lightspark, our goal is to build meaningful payment infrastructure by building upon and extending the capabilities and utility of Bitcoin. We are starting by diving deep into the Lightning network.
We are seeking an experienced and motivated Senior Security Engineer to help secure our platform and system by building secure frameworks and tools, performing security reviews and audits, and working on detection and response. The Security Engineer will be responsible for proactively preventing security vulnerabilities as well as identifying, analyzing, and mitigating potential security threats to our engineering processes, products, and infrastructure. This role will work in many different areas of security simultaneously, so a broad understanding of different types of security engineering is necessary. The ideal candidate will have a strong background in software engineering, security best practices, and a passion for ensuring the safety and security of our systems and data.
WHAT YOU’LL BE DOING:
- Build tools and systems to improve the security of our products and infrastructure by default.
- Evaluate and analyze the security posture of engineering processes, products, and infrastructure, with a specific focus on code auditing and review, identifying potential vulnerabilities, and recommending appropriate mitigations.
- Conduct security risk assessments and audits, ensuring compliance with industry standards and regulatory requirements, with a focus on code security.
- Collaborate with cross-functional teams to design, develop, and implement secure engineering practices and solutions
- Provide technical guidance and expertise to engineering teams on secure development practices and techniques, with a focus on blockchain/crypto security and code auditing and review.
- Partner with Security Engineering leaders in development and delivery of security training and awareness programs for engineering staff, with a focus on secure coding practices and blockchain/crypto security.
- Monitor and investigate security incidents, performing root cause analysis and developing remediation plans, with a focus on code vulnerabilities
- Stay current with emerging security threats, technologies, and best practices, making recommendations for continuous improvement of the company's security posture, especially in the blockchain and cryptocurrency space.
WHAT WE ARE LOOKING FOR:
- Minimum of 5 years of experience in engineering security, including experience with secure software development, infrastructure security, and risk management, with a strong focus on code auditing and review.
- Strong understanding of security concepts, principles, and best practices, including secure coding, encryption, authentication, and access control, with a focus on blockchain/crypto security.
- Proficient in at least one programming or scripting language (e.g., Python, Java, C/C++, or similar)
- Knowledge of common security vulnerabilities, attack vectors, and mitigation strategies, preferably with a focus on code vulnerabilities in the blockchain and cryptocurrency space.
- A CS degree or equivalent is ideal but not required. We appreciate and acknowledge that some of the best talent comes from non-traditional backgrounds, especially in the security, blockchain, and cryptocurrency space.
- Strong understanding of at least two of cloud/infrastructure security, application security, Mac/Linux security, and Cloud SaaS security.
- Familiarity with industry standards and frameworks, such as ISO 27001, NIST, or OWASP, with a focus on their application in the blockchain and cryptocurrency space.
- Excellent problem-solving, analytical, and communication skills, with the ability to work effectively in a collaborative team environment
Lightspark is on a mission to build an open payment protocol for the Internet at scale and therefore we’re committed to creating a more inclusive and diverse workplace to reflect the customers we serve. We welcome interest from individuals of all backgrounds and levels of experience who share our mission. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other applicable legally protected characteristics.