Cyber Security Operations Specialist

Summary

Join Hostaway, a leading SaaS company transforming the vacation rental industry, as a fully remote Cyber Security Operations Specialist. Based in Latin America (UTC-3 to UTC-6), you will drive the technical and procedural aspects of security operations. Monitor and optimize security tools, proactively address threats, respond to incidents, and collaborate with teams to integrate security into daily operations. Develop, document, and refine processes such as incident response playbooks and vulnerability management workflows. This role is crucial to our continued growth and offers competitive compensation, equity, and professional development opportunities.

Requirements

• 5+ years of experience in security, with a focus on cyber security operations
• Hands-on experience with security tools such as EDR, MDM, IAM, SIEM, Cloud Security Posture Management (CSPM)
• Strong understanding of incident detection, response, and root cause analysis for threats, including malware, phishing, and data breaches
• Experience developing, documenting, and maintaining security processes, incident response playbooks, and operational runbooks to ensure consistency and continuous improvement
• Experience in vulnerability management: prioritizing CVEs, tracking patching SLAs, validating fixes, and enforcing baseline configurations (e.g., CIS benchmarks for cloud and endpoints)
• Proficiency in monitoring, tuning, and integrating security tools such as EDR, XDR, IdP, Email Security, DLP, and Mobile Device Management
• Ability to manage user access controls, conduct periodic reviews, enforce MFA and privileged access policies, and support technical evaluations to prevent privilege misuse

Responsibilities

• Monitor and optimize a suite of security tools, proactively take actions to keep us safe, respond to incidents, and collaborate with teams to ensure security is integrated into our daily business
• Develop, document, and refine processes like incident response playbooks, vulnerability management workflows, and user access audits for offboarding compliance to ensure our approach is consistent, auditable, and continuously improving
• Start your day with personal time to review overnight alerts and events from tools like EDR, MDM and IdP. Check for any critical incidents or trends that may require immediate attention
• Join the daily team sync for 15 minutes. Share priorities, escalate blockers or urgent findings, and align on the day's focus areas
• Address any critical or urgent matters first: triage and respond to high-priority incidents, coordinate immediate containment or remediation actions, and update incident response documentation as needed
• Follow up with stakeholders (engineering, IT, operations, business units) on the status of open vulnerabilities, patching progress, and access reviews. Track remediation SLAs and ensure accountability for outstanding issues
• Work on improving and maintaining security processes: update playbooks, refine response procedures, and document lessons from recent incidents for continuous improvement
• Analyze new bug bounty submissions and coordinate with engineering to plan and verify fixes
• Monitor and tune security tools (e.g., SIEM, EDR, MDM) for new alerts, misconfigurations, or suspicious activity. Schedule or review phishing simulations and assign targeted training if needed
• Conduct proactive threat hunting in SIEM logs and threat intelligence feeds, looking for indicators of compromise or emerging attack patterns
• Document the day's investigations, update incident and vulnerability records, and prepare summary reports for compliance needs
• Throughout the day – Support the team and stakeholders, automate repetitive tasks, and work on process improvements

Benefits

• Competitive Compensation: We offer competitive pay based on market rates in the country of the applicant
• 100% Remote: Enjoy the freedom to work from anywhere within your country of residence—be it a co-working space, your home office, or even your dining room table. The choice is yours. Just don’t ask to work in our office (we don’t have one)
• Equity: Every role in our company comes with valuable stock options in a fast-growing and profitable company. This ensures we all share in the company’s success
• Values-Driven Leadership: Our Core Values are not just words we’ve written to make us feel good. We leverage them daily when making strategic and tactical decisions
• Professional Growth: Our rapid growth offers unparalleled learning and development opportunities, along with a multitude of career advancement opportunities
• Annual Paid Leave: The specific amounts vary by country and are aligned with country and/or contract-specific norms
• Geographic Specific Benefits: As an international employer, we offer different country-specific benefits such as Health Insurance and Pensions in countries where these perks are customary. The specifics depend on the country of the applicant
• Dynamic Team Culture: As a global company with team members in over 40 countries, our diverse and international culture fuels our innovation and creativity, providing a key pillar to our success (and making it a lot of fun to work here)