Listing Description
Together we're on a mission to power every property in the world and to do that, we need to find the best talent in the world. That's why we're on the search for a highly skilled Security Analyst, to work with the Security team, and help us play our part in reinventing the world of hospitality tech and travel.
As a Security Analyst on our Security team, you will help deliver an exceptional and secure product experience to our customers all around the world. You will play a crucial role in ensuring the security and compliance of our systems, customers and data. Working on security at Cloudbeds requires an adaptable cross-functional mindset. You should be comfortable talking to individuals at every level and space across the organization, from Engineering to Sales, and even Executives.
Our Security strategy is to enable the delivery of trusted, scalable, and reliable products leveraging the best of modern technologies, tools, and standards. For the Security Analyst role, we are looking for someone who can communicate best practices across both technology and organizational processes. Our best-fit team members will have worked with a broad range of compliance regulation standards, application development best practices, and Security frameworks. You will participate in the implementation and ongoing monitoring of security tooling at all edges of the security landscape. You will assist with Requests for Proposals from prospective customers, daily monitoring of endpoint detection platforms, conducting pen tests, application vulnerability discovery and remediation, compliance requests, company-wide security training programs, and more security-owned initiatives!
Location: Remote - EU or LATAM regions
What You Will Do:
- Collaborate with cross-functional teams and multi-level stakeholders to drive Security concerns and initiatives company wide.
- Review and monitor security alerts over multiple platforms.
- Manage the takedowns against bad actors across our attack surfaces.
- Conduct company security awareness training and phishing campaigns.
- Collaborate on audits and compliance certification initiatives (PCI Level 1).
- Handle vulnerability scanning disputes and remediations with communications across teams and subject matter experts.
- Assist with data privacy compliance regulation requests and company-wide initiatives and messaging (GDPR, CCPA, Quebec Law 25).
- Collaborate to complete third-party questionnaires and security reviews from prospective customers.
- Oversee application security operations, including code analysis tool implementation and container scanning.
- Implement incident response scenario testing and update incident response plans.
- Handle various security-related requests from customers, including phishing alerts, data breaches, and compliance issues.
- Update and maintain security documentation and policies.
You’ll Succeed With:
- A Bachelor's Degree in a relevant field and 2 years of experience or a minimum of 5 years of practical experience in information security, with a demonstrated understanding of the specified job requirements
- Strong communication, problem-solving and diplomacy skills. Our teams communicate in English, but few speak it as a first language
- Strong familiarity with compliance standards - existing and emerging (PCI DSS, GDPR, CCPA, etc.).
- Experience with various security monitoring tools and platforms
- Knowledge of application security best practices and tools.
- A strong business sense and ability to collaborate with leadership and non-technical stakeholders on highly visible projects
- Familiarity with payment systems and processes, such as payment gateways and processors and online payment platforms, as well as experience with the Payment Card Industry Data Security Standard (PCI DSS) and emerging fintech-related payment technologies.
- Ability to wield security knowledge to resolve disputes rationally without hierarchical authority.
- A passion for data-driven decision making (metrics, experiments, proof of concepts)
- Ability to understand and evaluate short- and long-term risk versus implementation speed for different tooling.
- Basic understanding of CI/CD pipelines, DevOps, maintainability and how they relate to static code analysis tooling.
- Strong teamwork and time management skills.
- Experience with cloud infrastructure and security (AWS, Docker, Kubernetes).
Nice to Have:
- Direct experience with CrowdStrike, AWS GuardDuty, SonarQube, ZeroFox, KnowBe4 or PhishER
- Experience with incident response planning and execution.
- Certifications related to cybersecurity and information security, e.g. CISM or CompTIA Security+
- Experience working with a remote-first and globally distributed team.
- Travel industry experience is a plus but definitely not required!
- Experience with Atlassian products [Jira/Confluence/Bitbucket] and/or GitHub.