Senior Security Engineer, Vulnerability Management

If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.

Senior Security Engineer, Vulnerability Management

Are you a highly experienced security professional and leader who is looking to join a team at the heart of Expedia's Technology Security and Privacy team?

The Expedia Technology Security and Privacy team works across the company's many groups and products to deliver security solutions to ensure Expedia customers can trust the Expedia brand. You will shape the future of Expedia by bringing a blend of strategy and security management competencies to ensure attack surface reduction. This role is unique and inherently cross-functional - you will collaborate across the multiple teams that develop and run our platform.

The Senior Security Engineer, Attack Surface Management is a security engineering leader, security consultant, and mentor. This person is a master of their craft, and able to wear many hats in the security and privacy domain. They are an autonomous leader, comfortable in ambiguity and capable of designing resilient security programs to deliver measurable security outcomes. They will develop the future of Baseline Security at Expedia through direct ownership of initiatives.

What you'll do:

• Leverages analysis of requirements to design the architecture for central or distributed environments to meet user requirements

• Recognizes and stays apprised of emerging technology trends and best practices that could potentially benefit the organization

• Investigates a range of issues or incidents by gathering and analyzing information, documenting insights and findings on the underlying cause, circumstances, and contributing factors, and suggesting necessary actions for resolution

• Effectively identify issues with the quality and performance of products, services, solutions or processes and proposes improvements

• Possesses knowledge of features and facilities for integration, and communication among applications, databases, and technology platforms to bring together different components and form a fully functional solution to a business problem

• Facilitates collaboration with different stakeholders with varied perspectives to develop effective solutions to issues

• Strives for optimum organizational efficiency by applying systems thinking across boundaries and making recommendations about policies/ processes

• Takes a whole systems approach to analyze issues and implements holistic solutions by ensuring that linkages between structure, people, process and technology are made

• Applies knowledge and expertise to complex asset management assignments and projects; assists with the development of business area's asset management standards and procedures

• Conducts a deep review of data and issues to quickly reveal the root cause of problem

• Recommends interim and long-term solutions to complex problems to ensure successful resolution

• Executes solutions to complex problems; guides the analysis of a problem all the way to a successful resolution

• Uses knowledge and experience to perform complex platform assessments and assignments in context of security; assists with policy and procedure development

• Evaluates trends and results of security investigations and outcomes to proactively tune security technology to force active prevention of security threats to the outermost layer of our infrastructure wherever possible

• May conduct continuous improvement exercises to evaluate efficacy of information security controls and improve detection and prevention rates. Reviews outcomes of security investigations and compares expected prevention steps to actuals and modifies configuration of security controls to bring prevention further to the edge

• May design and implement custom software, scripts, policies, extensions, or APIs to support the identification and prevention of information security threats

• May conduct interoperability assessments on information security controls to limit friction caused to the end user, developer, analyst, and customer communities

• Ensures that information security controls are not in conflict and designs and implements solutions where tooling may overlap

• May assist in incident remediation activities by participating in incident response process and adjusting existing or implementing new information security controls to address discovered vulnerabilities or defensive gaps in the detective and preventative control stack live and in real time

Who you are:

• 5+ years of experience

• Relevant security certification (e.g., SSCP, CISSP, CCSK, AWS, or others)

• Expert in physical security system design and configuration

• Expert in configuration, deployment, and operation of information security systems, both on-premise and cloud-based

• Has strength in multiple technologies or languages such as Python, Java, SQL, and others

• Justifies technology choices to technical and non-technical observers

• Serves as an expert for baseline security

• Makes well-defined technology choices

• Mentors other engineers (Individual Contributor I, II, III)

• Capable of independently engineering sensitive systems in support of security operations

• Provides assessments and recommendations to technology teams and offers guidance to more junior security engineering individual contributors

The total cash range for this position in Austin is $146,000 to $204,500. Employees in this role have the potential to increase their pay up to $233,500, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

The total cash range for this position in Seattle is $146,000.00 to $204,500.00. Employees in this role have the potential to increase their pay up to $233,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future.

Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee's passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.View our full list of benefits.

About Expedia Group

Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia, Hotels.com, Expedia Partner Solutions, Vrbo, trivago, Orbitz, Travelocity, Hotwire, Wotif, ebookers, CheapTickets, Expedia Group Media Solutions, Expedia Local Expert, CarRentals.com, and Expedia Cruises.

2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you're confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.