AppSec Security Specialist
Rezdy · NAMER · Today
RemoteRemoteManagement$10/hrFull-time
About Us At Rezdy/Checkfront, we’re builders, doers, and difference-makers, driven by a shared mission to reshape the tours, activities, and experiences industry. Alongside our sister brands, Rezdy and Regiondo, we power more than 20,000 businesses and support over $10B in bookings globally. Our technology helps operators thrive while delivering unforgettable moments to travelers around the world. We work in an industry built on adventure, energy, and human connection, and that same spirit fuels how we show up every day. Spanning North America, Europe, and APAC, our teams are united by bold goals, a bias for action, and an unwavering commitment to delivering for our customers. But our success starts with people. Our teams are the engine behind everything we create. We value self-starters who take ownership, embrace challenges, and raise the bar for themselves and those around them. We believe in creating space to grow, take risks, and make a real impact, and we celebrate those who lead with curiosity, grit, and drive. If you’re passionate about security, compliance, and helping teams work smarter and safer, this is your kind of place. Let’s build, grow, and win together. About The Role We are seeking an AppSec Security Specialist to support our growing security function, with a primary focus on application security, vulnerability management, and secure development practices across Checkfront and our sister brands. This is a hybrid security role that combines hands-on application security work with security operations support. You will help identify and remediate risks across our web applications, APIs, cloud environments, and development workflows, while also supporting key security tools across endpoint protection, DLP, SIEM, SOAR, vulnerability management, and security awareness. This role is ideal for someone who enjoys working with engineering teams, performing web application security scans, coordinating penetration testing activities, investigating security alerts, tracking remediation, and helping the business improve its overall security posture. What You Will Do Application Security Support application security across Checkfront, Rezdy, Regiondo, and related platformsPerform web application security scans and help validate, prioritize, and track findings through remediationSupport vulnerability management processes, including scanning, prioritization, reporting, and remediation trackingUse and support application security tools such as SAST, DAST, SCA, and manage security findingsCoordinate with penetration testing vendors, including scoping, scheduling, evidence collection, findings review, and remediation follow-upWork with engineering/dev teams to validate security findings, reduce risk, and improve secure development practicesHelp identify and reduce risk across web applications, APIs, cloud services, and third-party componentsSupport secure software development practices, including clear guidance on remediation, secure coding, and risk reduction Security Operations Support day-to-day security operations across endpoint protection, DLP, SIEM, SOAR, and vulnerability management toolsMonitor and triage security alerts from tools such as CrowdStrike and related security platformsAssist with incident response activities, including investigation, documentation, escalation, and follow-up actionsHelp tune alerts, workflows, automations, and reporting to reduce noise and improve security visibilitySupport security logging, monitoring, and detection improvement initiatives Security Awareness and Training Manage and support the KnowBe4 security awareness platformCoordinate phishing simulations, training campaigns, reporting, and follow-up actionsHelp improve employee security awareness through clear communication, practical guidance, and targeted trainingTrack training completion and support reporting related to security education Collaboration and Communication Partner with security, IT, engineering, legal, privacy, and business teams to support security outcomesTranslate security requirements into clear, actionable tasksCommunicate findings, risks, and remediation needs to both technical and non-technical stakeholdersHelp build a security culture focused on ownership, transparency, and continuous improvement What We Are Looking For 4+ years of experience in application security, security operations, IT security, vulnerability management, or a related fieldExperience with web application security testing, vulnerability scanning, remediation tracking, or secure software development practicesExperience with security tools such as EDR, DLP, SIEM, SOAR, vulnerability management, web application scanning, or security awareness platformsFamiliarity with CrowdStrike, KnowBe4, vulnerability scanners, ticketing systems, web application scanning tools, and GRC platforms is an assetAbility to investigate security alerts, document findings, and escalate issues appropriatelyAbility to work with engineering and IT teams to validate findings, track remediation, and reduce riskStrong attention to detail and the ability to track findings, risks, and remediation items through to completionStrong written and verbal communication skills with both technical and non-technical audiencesComfort working in a fast-moving SaaS environment with multiple brands, systems, and stakeholdersA practical, curious, and ownership-driven approach to security Nice to Have Working knowledge of security and compliance frameworks such as SOC 2, ISO 27001, PCI DSS, GDPR, or similar standardsExperience supporting audit preparation, evidence collection, control testing, or ongoing compliance trackingExperience supporting customer security questionnaires, vendor risk assessments, due diligence requests, or RFP security responsesExperience supporting SaaS, fintech, travel technology, or other regulated technology environmentsFamiliarity with cloud platforms, secure software development practices, and infrastructure securityExperience coordinating external penetration tests or working with third-party security vendorsCertifications such as CISSP, Security+, CSSLP, or similar are an assetExperience with privacy, data protection, or AI governance requirements is an asset What You Can Expect When you join our team, you’re stepping into a culture built on momentum, ownership, and connection. We move fast, think big, and focus hard without losing sight of the people behind the work. Across all our brands, we’re united by a belief that impact comes from empowered teams, clear priorities, and a shared commitment to our customers and each other. High trust, high impact: We give our people the autonomy to take ownership, solve problems, and make meaningful contributionsCuriosity is encouraged: We value learning, asking questions, and pushing boundaries, not just getting things done, but doing them betterCollaboration over ego: We work as one team across geographies and brands. Success is shared, and support is a givenSpace to grow: Whether you’re deepening your security skills, expanding into compliance, or learning new tools, you’ll be backed to growProgress over perfection: We embrace change, move quickly, and are constantly iterating to improve how we work and what we deliverYou’ll be joining a global team that’s passionate about building something that matters and having a good time while doing it We’d love for you to join us on this exciting journey. Together, let’s shape the future of the leisure and tourism industry. Powered by JazzHR qmiHi7Q70q