Information Security Specialist at Upserve
Providence, RI, US

About the role

The Information Security Specialist role is engaged in every aspect of the information security program at Upserve and interacts with every part of the business to scale security at Upserve to support our continued growth. In this role, your work will have a significant impact and visibility.

A typical week may include:

  • Conducting risk assessments of systems, processes, and third-parties
  • Participating in or overseeing security assessments such as penetration testing, bug bounties, and code reviews
  • Ensuring compliance with PCI DSS requirements and effectively demonstrating our compliance to third-parties
  • Facilitating business impact analyses for processes, systems, personnel, and third-parties
  • Researching and building attacker models
  • Working closely with engineers to build threat models
  • Aligning our security program with NIST CSF, BSIMM, or other industry standards
  • Designing and delivering security training for our security awareness program
  • Collaborating on the development of secure configuration standards, as well as overseeing and reporting on compliance with the standards
  • Improving identity and access management practices
  • Evaluating vulnerabilities for security impact and overseeing compliance with remediation standards
  • Working with stakeholders to maintain a software development lifecycle that enables Upserve to move quickly without compromising security
  • Collaborate on building a threat detection and response capability that enables teams to receive and respond to automated, high signal-noise ratio, alerts
  • Collaborating on the development of disaster recovery and business continuity plans
 

About you

  • You have good judgment and a sense of when to compromise and when to hold your ground
  • You understand that risk appetite is fluid and informed by security professionals, but defined by the business
  • You agree that information security exists to enable people, teams, and collectively the company to make educated, risk-based decisions on how best to protect information entrusted to us
  • You learn from the past, but challenge the status quo by seeking creative ways of solving information security problems of the present and future
  • When facing a problem that's poorly defined or outside of your expertise, you can quickly learn what you need to dig in, make sense of the problem, and start working towards a solution

 

 

Qualifications

  • 3+ years of work experience in an information security role
  • 5+ years of progressive work experience in business or technology roles
  • Ability to articulate the importance of managing risk
  • Self-motivated and able to work independently with minimal supervision
  • Analytical skills with the ability to grasp technical concepts
  • Written and verbal communication skills with the ability to explain complex technical problems to a non-technical audience, and risk problems to a technical audience
  • Demonstrated experience in some of these domains:
    • Application Security
    • Product Security
    • Risk Management
    • Business Continuity and Disaster Recovery
    • Security Training
    • Threat Modeling
    • Vulnerability Management
    • Compliance
  • A desire to explore and be involved with most (or all) of the above domains

Bonus points for:

  • Development experience with Ruby, Javascript, or other languages
  • Experience with AWS (preferred), Azure, or Google Cloud
  • Experience working for a SaaS provider
  • Experience working in a “cloud first” environment

 

 

 

 

WHAT UPSERVE HAS TO OFFER YOU

  • We put family first. At Upserve that means making the choices that are right for you and taking the paid time off you need when you need it. We know it’s impractical to assume that work never bleeds over into our personal lives, and vice versa. Instead of fighting to keep the two separate, we make sure that our perspective on family reflects the values of our employees.

  • We’ll invest in your career. Upserve is growing quickly, and we’ll give you the opportunity to do the same. Through our internal learning and development resources and our partnership with Vista Equity Partners, you’ll have access to a number of professional development opportunities so that you can keep up with the company’s evolving needs.

  • We care about your wellbeing. We pay 100% of your medical and dental insurance coverage, offer tax savings plans for retirement and dependent care, subsidize your transportation costs, offer a generous and inclusive parental leave, and provide catered lunches/meal allowances.

  • We offer competitive compensation packages. Our people matter! We don’t ignore the role that compensation has on motivation and performance so we strive to equitably compensate our people.

  • We’re creating an inclusive environment where everyone can thrive. Our customers are a diverse group, so we’re building a team that is too. Through our various D&I recruitment partnerships, intramural sports, quarterly engagement and feedback surveys, and more. We’re building an organization that provides our employees with the emotional and physical space to bring their best selves to work.

 

ABOUT UPSERVE

Upserve is the magic ingredient that helps restaurateurs thrive by putting everything they need in one place. We are a leading restaurant management platform with a cloud-based Point of Sale (POS) system, data and analytics, inventory management and payments processing for small to midsize restaurants. Thousands of restaurants use Upserve to manage relationships with more than 57 million active diners, process over $12 billion in annual sales, and to serve over 36 million meals per month.

Upserve is proud to be an Equal Opportunity Employer. We strive to have a team that is as diverse as the industry we serve and we partner with a number of local organizations working to improve access to the tech industry for underrepresented groups. All qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status or disability.