Security Analyst
How You'll Make an Impact:
As a Security Analyst, you will play a crucial role in delivering an exceptional and secure product experience to our customers around the world while ensuring the security and compliance of our systems, customers, and data.
You will work cross-functionally with individuals at every level across the organization—from Engineering to Sales and Executives—to communicate security best practices and enable the delivery of trusted, scalable, and reliable products leveraging modern technologies, tools, and standards.
Your responsibilities will span the full security landscape, including implementation and ongoing monitoring of security tooling, responding to Requests for Proposals from prospective customers, daily monitoring of endpoint detection platforms, conducting penetration tests, discovering and remediating application vulnerabilities, managing compliance requests, leading company-wide security training programs, and driving other security-owned initiatives that reinvent the world of hospitality tech and travel.
Our Security Team:
Our Security team thrives on open communication and mutual trust—we empower each other to work independently while providing the support needed to tackle high-impact challenges that strengthen our security posture for both Cloudbeds and our customers. We're proactive problem-solvers who aren't afraid to roll up our sleeves and get hands-on, balancing our drive to work hard with a strong respect for work-life balance and long-term success. You'll thrive here if you're someone who prioritizes effectively, collaborates naturally, and brings positive energy to solving meaningful security challenges alongside teammates who genuinely have your back.
What You Bring to the Team:
Lead incident response efforts including monitoring security alerts across multiple platforms, managing threat takedowns, and handling customer-reported security incidents such as phishing alerts and data breaches.
Develop and test incident response plans through scenario exercises and continuous improvement of our security playbooks and procedures.
Implement and manage application security tooling including SAST/DAST solutions in CI/CD pipelines, container scanning, and code analysis platforms to strengthen our security posture.
Conduct forensic analysis and investigations to identify attack vectors, assess impact, and drive remediation efforts across the organization.
Build and maintain security policies, deliver company-wide security awareness training and phishing campaigns, and drive security best practices across all teams.
Support compliance certification initiatives including PCI Level 1 audits, vulnerability management programs, and cross-team coordination on remediation efforts.
Manage compliance requests and security reviews including GDPR/CCPA data privacy requirements, Quebec Law 25, third-party security questionnaires, and prospective customer assessments.
What Sets You Up for Success:
A Bachelor's Degree in a relevant field and 3+ years of experience in information security, or equivalent practical experience demonstrating a strong understanding of security operations, incident response, and compliance requirements.
Excellent communication and diplomacy skills with the ability to collaborate effectively across diverse, multilingual teams and influence stakeholders at all levels—from engineers to executives—without relying on hierarchical authority.
Deep knowledge of compliance frameworks and standards including PCI DSS Level 1, SOC 2, GDPR, CCPA, and emerging fintech regulations, with hands-on experience navigating payment systems, gateways, processors, and associated security requirements.
Proven experience with security monitoring and detection platforms, incident response tools, vulnerability management systems, and application security solutions including SAST/DAST tooling.
Strong technical understanding of CI/CD pipelines, DevOps practices, and how they integrate with static code analysis tools, container scanning, and application security workflows to balance maintainability with security.
Hands-on experience with cloud infrastructure security, particularly AWS and Kubernetes, combined with the ability to assess risk versus implementation speed for security tooling and initiatives.
A data-driven mindset with strong problem-solving abilities, leveraging metrics and proof-of-concepts to make informed decisions, coupled with excellent teamwork and time management skills to prioritize competing demands effectively.
Bonus Skills to Stand Out :
Experience conducting security risk assessments and translating findings into actionable remediation plans across technical and business stakeholders.
Hands-on experience with security platforms such as CrowdStrike, AWS Security, GitHub Advanced Security, ZeroFox, KnowBe4, or PhishER.
Industry certifications such as AWS Certified Security - Specialty, CISM, CompTIA Security+, or equivalent credentials demonstrating commitment to cybersecurity excellence.
Work Authorization Please note that applicants must be currently authorized to work in the location where the position is located without requiring visa sponsorship. At this time, Cloudbeds is unable to provide sponsorship for work visas.
Compensation: Depending on your skills and experience, you can expect your annual compensation to be between $40K - $62K
#LI-REMOTE #LI-SD1
About the job
Apply for this position
Security Analyst
How You'll Make an Impact:
As a Security Analyst, you will play a crucial role in delivering an exceptional and secure product experience to our customers around the world while ensuring the security and compliance of our systems, customers, and data.
You will work cross-functionally with individuals at every level across the organization—from Engineering to Sales and Executives—to communicate security best practices and enable the delivery of trusted, scalable, and reliable products leveraging modern technologies, tools, and standards.
Your responsibilities will span the full security landscape, including implementation and ongoing monitoring of security tooling, responding to Requests for Proposals from prospective customers, daily monitoring of endpoint detection platforms, conducting penetration tests, discovering and remediating application vulnerabilities, managing compliance requests, leading company-wide security training programs, and driving other security-owned initiatives that reinvent the world of hospitality tech and travel.
Our Security Team:
Our Security team thrives on open communication and mutual trust—we empower each other to work independently while providing the support needed to tackle high-impact challenges that strengthen our security posture for both Cloudbeds and our customers. We're proactive problem-solvers who aren't afraid to roll up our sleeves and get hands-on, balancing our drive to work hard with a strong respect for work-life balance and long-term success. You'll thrive here if you're someone who prioritizes effectively, collaborates naturally, and brings positive energy to solving meaningful security challenges alongside teammates who genuinely have your back.
What You Bring to the Team:
Lead incident response efforts including monitoring security alerts across multiple platforms, managing threat takedowns, and handling customer-reported security incidents such as phishing alerts and data breaches.
Develop and test incident response plans through scenario exercises and continuous improvement of our security playbooks and procedures.
Implement and manage application security tooling including SAST/DAST solutions in CI/CD pipelines, container scanning, and code analysis platforms to strengthen our security posture.
Conduct forensic analysis and investigations to identify attack vectors, assess impact, and drive remediation efforts across the organization.
Build and maintain security policies, deliver company-wide security awareness training and phishing campaigns, and drive security best practices across all teams.
Support compliance certification initiatives including PCI Level 1 audits, vulnerability management programs, and cross-team coordination on remediation efforts.
Manage compliance requests and security reviews including GDPR/CCPA data privacy requirements, Quebec Law 25, third-party security questionnaires, and prospective customer assessments.
What Sets You Up for Success:
A Bachelor's Degree in a relevant field and 3+ years of experience in information security, or equivalent practical experience demonstrating a strong understanding of security operations, incident response, and compliance requirements.
Excellent communication and diplomacy skills with the ability to collaborate effectively across diverse, multilingual teams and influence stakeholders at all levels—from engineers to executives—without relying on hierarchical authority.
Deep knowledge of compliance frameworks and standards including PCI DSS Level 1, SOC 2, GDPR, CCPA, and emerging fintech regulations, with hands-on experience navigating payment systems, gateways, processors, and associated security requirements.
Proven experience with security monitoring and detection platforms, incident response tools, vulnerability management systems, and application security solutions including SAST/DAST tooling.
Strong technical understanding of CI/CD pipelines, DevOps practices, and how they integrate with static code analysis tools, container scanning, and application security workflows to balance maintainability with security.
Hands-on experience with cloud infrastructure security, particularly AWS and Kubernetes, combined with the ability to assess risk versus implementation speed for security tooling and initiatives.
A data-driven mindset with strong problem-solving abilities, leveraging metrics and proof-of-concepts to make informed decisions, coupled with excellent teamwork and time management skills to prioritize competing demands effectively.
Bonus Skills to Stand Out :
Experience conducting security risk assessments and translating findings into actionable remediation plans across technical and business stakeholders.
Hands-on experience with security platforms such as CrowdStrike, AWS Security, GitHub Advanced Security, ZeroFox, KnowBe4, or PhishER.
Industry certifications such as AWS Certified Security - Specialty, CISM, CompTIA Security+, or equivalent credentials demonstrating commitment to cybersecurity excellence.
Work Authorization Please note that applicants must be currently authorized to work in the location where the position is located without requiring visa sponsorship. At this time, Cloudbeds is unable to provide sponsorship for work visas.
Compensation: Depending on your skills and experience, you can expect your annual compensation to be between $40K - $62K
#LI-REMOTE #LI-SD1