AppSec Security Specialist
About Us
At Rezdy/Checkfront, we’re builders, doers, and difference-makers, driven by a shared mission to reshape the tours, activities, and experiences industry. Alongside our sister brands, Rezdy and Regiondo, we power more than 20,000 businesses and support over $10B in bookings globally. Our technology helps operators thrive while delivering unforgettable moments to travelers around the world.
We work in an industry built on adventure, energy, and human connection, and that same spirit fuels how we show up every day. Spanning North America, Europe, and APAC, our teams are united by bold goals, a bias for action, and an unwavering commitment to delivering for our customers.
But our success starts with people. Our teams are the engine behind everything we create. We value self-starters who take ownership, embrace challenges, and raise the bar for themselves and those around them. We believe in creating space to grow, take risks, and make a real impact, and we celebrate those who lead with curiosity, grit, and drive.
If you’re passionate about security, compliance, and helping teams work smarter and safer, this is your kind of place. Let’s build, grow, and win together.
About the Role
We are seeking an AppSec Security Specialist to support our growing security function, with a primary focus on application security, vulnerability management, and secure development practices across Checkfront and our sister brands.
This is a hybrid security role that combines hands-on application security work with security operations support. You will help identify and remediate risks across our web applications, APIs, cloud environments, and development workflows, while also supporting key security tools across endpoint protection, DLP, SIEM, SOAR, vulnerability management, and security awareness.
This role is ideal for someone who enjoys working with engineering teams, performing web application security scans, coordinating penetration testing activities, investigating security alerts, tracking remediation, and helping the business improve its overall security posture.
What You Will Do
Application Security
- Support application security across Checkfront, Rezdy, Regiondo, and related platforms.
- Perform web application security scans and help validate, prioritize, and track findings through remediation.
- Support vulnerability management processes, including scanning, prioritization, reporting, and remediation tracking.
- Use and support application security tools such as SAST, DAST, SCA, and manage security findings.
- Coordinate with penetration testing vendors, including scoping, scheduling, evidence collection, findings review, and remediation follow-up.
- Work with engineering/dev teams to validate security findings, reduce risk, and improve secure development practices.
- Help identify and reduce risk across web applications, APIs, cloud services, and third-party components.
- Support secure software development practices, including clear guidance on remediation, secure coding, and risk reduction.
Security Operations
- Support day-to-day security operations across endpoint protection, DLP, SIEM, SOAR, and vulnerability management tools.
- Monitor and triage security alerts from tools such as CrowdStrike and related security platforms.
- Assist with incident response activities, including investigation, documentation, escalation, and follow-up actions.
- Help tune alerts, workflows, automations, and reporting to reduce noise and improve security visibility.
- Support security logging, monitoring, and detection improvement initiatives.
Security Awareness and Training
- Manage and support the KnowBe4 security awareness platform.
- Coordinate phishing simulations, training campaigns, reporting, and follow-up actions.
- Help improve employee security awareness through clear communication, practical guidance, and targeted training.
- Track training completion and support reporting related to security education.
Collaboration and Communication
- Partner with security, IT, engineering, legal, privacy, and business teams to support security outcomes.
- Translate security requirements into clear, actionable tasks.
- Communicate findings, risks, and remediation needs to both technical and non-technical stakeholders.
- Help build a security culture focused on ownership, transparency, and continuous improvement.
What We Are Looking For
- 4+ years of experience in application security, security operations, IT security, vulnerability management, or a related field.
- Experience with web application security testing, vulnerability scanning, remediation tracking, or secure software development practices.
- Experience with security tools such as EDR, DLP, SIEM, SOAR, vulnerability management, web application scanning, or security awareness platforms.
- Familiarity with CrowdStrike, KnowBe4, vulnerability scanners, ticketing systems, web application scanning tools, and GRC platforms is an asset.
- Ability to investigate security alerts, document findings, and escalate issues appropriately.
- Ability to work with engineering and IT teams to validate findings, track remediation, and reduce risk.
- Strong attention to detail and the ability to track findings, risks, and remediation items through to completion.
- Strong written and verbal communication skills with both technical and non-technical audiences.
- Comfort working in a fast-moving SaaS environment with multiple brands, systems, and stakeholders.
- A practical, curious, and ownership-driven approach to security.
Nice to Have
- Working knowledge of security and compliance frameworks such as SOC 2, ISO 27001, PCI DSS, GDPR, or similar standards.
- Experience supporting audit preparation, evidence collection, control testing, or ongoing compliance tracking.
- Experience supporting customer security questionnaires, vendor risk assessments, due diligence requests, or RFP security responses.
- Experience supporting SaaS, fintech, travel technology, or other regulated technology environments.
- Familiarity with cloud platforms, secure software development practices, and infrastructure security.
- Experience coordinating external penetration tests or working with third-party security vendors.
- Certifications such as CISSP, Security+, CSSLP, or similar are an asset.
- Experience with privacy, data protection, or AI governance requirements is an asset.
What You Can Expect
When you join our team, you’re stepping into a culture built on momentum, ownership, and connection.
We move fast, think big, and focus hard without losing sight of the people behind the work. Across all our brands, we’re united by a belief that impact comes from empowered teams, clear priorities, and a shared commitment to our customers and each other.
- High trust, high impact: We give our people the autonomy to take ownership, solve problems, and make meaningful contributions.
- Curiosity is encouraged: We value learning, asking questions, and pushing boundaries, not just getting things done, but doing them better.
- Collaboration over ego: We work as one team across geographies and brands. Success is shared, and support is a given.
- Space to grow: Whether you’re deepening your security skills, expanding into compliance, or learning new tools, you’ll be backed to grow.
- Progress over perfection: We embrace change, move quickly, and are constantly iterating to improve how we work and what we deliver.
- You’ll be joining a global team that’s passionate about building something that matters and having a good time while doing it.
We’d love for you to join us on this exciting journey. Together, let’s shape the future of the leisure and tourism industry.