Security Engineer III
Position Overview:
This position, in conjunction with its counterparts, will be responsible for Expedia Group Application Security, focused on AppSec Capabilities / Scope/ Implementation / Evolution, as it pertains to the operational Service and Tooling ownership within Threat and Attack Surface Management. This includes CICD pipeline security integration, testing, detection, and prevention for *AST and SCA, as well as close partnership with Penetration Testing and Crowdsourced security. This position will facilitate the partnerships and integration conversations with Tech and Platform leadership, as well as the continual evaluation and enhancement of coverage capabilities, controls, and efficacy.
This position focuses on protecting the EG Brand and is an integral part of the global security team that is responsible for securing Expedia’s travel platform that supports $99 billion worth of bookings a year!
What You’ll Do:
- Influences and maintains AppSec Service capability and definitions
- Align Strategy to Development and Tech Platforms for automated pipeline integration
- Ensure AppSec tooling aligns to strategy, and is appropriately delivered and maintained to enable full shift-left adoption
- Build and maintain key internal partnerships, and ensure efficacy of AppSec capabilities, adoption, and awareness
- Oversee AppSec Tooling / Third party service providers to ensure accountability and efficacy of delivery
- Evaluate and analyze AppSec vulnerability and threat trends to sponsor programmatic and systemic improvements
Who You Are:
- Visionary - Pragmatic - Intrinsically motivated - adapt with the pace of work environment
- Proactive collaborator that develops and supports colleagues and business partners
- Communicate in a concise and understandable way that generates positive results . Able to simplify security and technical concepts for application developers, business and technology teams
- Familiarity and experience with up-level reporting
- Possess effective project and program management skills (task identification, prioritization, and documentation)
- Expertise in multiple technology and security domains, and builds capabilities that interact across business units
- A background in software development or application security across multiple common languages such as Java, Go, Kotlin, C#, and Python.
- Familiarity with common offensive security testing practices.
- Experience securing, designing, or deploying applications and infrastructure into public cloud services
- Familiarity and Experience with most or all: PrismaCloud/Twistlock,SQL, Python, Agile, JIRA, OWASP, NIST, GitHub, *AST, SCA, Vulnerability Scanning, AWS, Azure, Google Cloud Container, Kubernetes, Docker, Fargate
- Possess a minimum of 3 years of relevant Security experience and 5 years of technical engineering experience
- Understand Regulations, Standards, and Frameworks such as PCI-DSS, SOX, GDPR, ISO 27001/2, NIST CSF, and SOC 2
#LI-CC1
Relocation (Y/N): N
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.
