Security Analyst

At SiteMinder we believe the individual contributions of our employees are what drive our success. That’s why we hire and encourage diverse teams that include and respect a variety of voices, identities, backgrounds, experiences and perspectives. Our diverse and inclusive culture enables our employees to bring their unique selves to work and be proud of doing so. It’s in our differences that we will keep revolutionising the way for our customers. We are better together!

What We Do…

We’re people who love technology but know that hoteliers just want things to be simple. So since 2006 we’ve been constantly innovating our world-leading hotel commerce platform to help accommodation owners find and book more guests online - quickly and simply.

We’ve helped everyone from boutique hotels to big chains, enabling travellers to book igloos, cabins, castles, holiday parks, campsites, pubs, resorts, Airbnbs, and everything in between.

And today, we’re the world’s leading open hotel commerce platform, supporting 44,500 hotels in 150 countries - with over 100 million reservations processed by SiteMinder’s technology every year.

About the Security Analyst role...

We are seeking a skilled Security Analyst to join our team, focusing on offensive security techniques, technical integrations, security operations, and fraud analysis. The role combines hands-on technical security testing with development work to enhance our security infrastructure and fraud detection capabilities.

What you’ll do…

Security Operations

• Daily review security alerts in SiteMinder’s security platform. 

• Experience using SIEM including running queries.

• Ability to analyze logs for incident investigation.

• Experience using Google Chronicle, CrowdStrike, Google Workspace, Stripe and Cloudflare. 

• Knowledge of YARA-L 2.0, Splunk query language, JSON data modelling and syslog data format.

• Identify threats and cyber security issues from security alerts.

• Write security incident reports that correctly capture the details of security events and actions taken to resolve or mitigate the security issue.

• Enforce security policies across multiple systems and ensure that security controls are relevant for the level of protection required.

• Review and update detection rules to reduce false positives and unnecessary notifications.

• Playbook / incident response processes development.

• Reviewing and audit monitoring solutions for different parts of the business.

• Integration of additional application logging into the security platform, Google Chronicle. 

• Ensure security operations are utilising technical in the most effective way with the features available.

• Communication with vendors on additional features required by the security platform.

Compliance and Information Security Standards

• Ensure security controls meet compliance requirements, specifically, PCI DSS, GDPR and ISO 27001

• Research general security issues that come up from time to time.

• Auditing effectiveness of technical controls and gathering evidence of external audits.

Data Security

• Reviewing third-party vendor security assessments and communicating gaps to employees and vendors. 

• Management of information security policies by aligning information security policies to relevant international security standards.

• Evaluate SiteMinder’s security practices against the NIST cybersecurity framework (CSF). 

• Communication of information security policies across SiteMinder departments.

What you have…

• Strong programming skills in languages such as Go, Python, Kotlin, Java, Logstash, YARA-L, or similar.

• Experience with penetration testing tools and methodologies.

• Knowledge of API integration and development.

• Understanding of security protocols and common attack vectors.

• Experience with fraud detection and analysis.

• Strong analytical and problem-solving skills.

• Familiarity with security automation and tooling.

• Experience with red teaming operations and offensive security.

• Knowledge of common security vulnerabilities and mitigation strategies.

• Strong documentation and communication skills.

• Ability to work independently and as part of a team.

• Experience with security monitoring and incident response.

• Relevant security certifications (e.g., OSCP, CEH, SANS) are a plus.

• Background in software development or systems engineering.

• Understanding of network protocols and security architectures.

• Experience with cloud security and infrastructure.

Our Perks & Benefits…

- Equity packages for you to be a part of the SiteMinder journey 

- Hybrid working model (in-office & from home)

- Mental health and well-being initiatives

- Generous parental (including secondary) leave policy

- Paid birthday, study and volunteering leave every year

- Sponsored social clubs, team events, and celebrations

- Employee Resource Groups (ERG) to help you connect and get involved 

- Investment in your personal growth offering training for your advancement

Does this job sound like you? If yes, we'd love for you to be part of our team! Please send a copy of your resume and our Talent Acquisition team will be in touch.

When you apply, please tell us the pronouns you use and any adjustments you may need during the interview process. We encourage people from underrepresented groups to apply.