Senior Security Engineer, Vulnerability Management
Onsite
Austin, TX, United States
Austin, TX, United States
Posted 22 days ago
Job Details
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application. Senior Security Engineer, Vulnerability Management Are you a highly experienced security professional and leader who is looking to join a team at the heart of Expedia's Technology Security and Privacy team? The Expedia Technology Security and Privacy team works across the company’s many groups and products to deliver security solutions to ensure Expedia customers can trust the Expedia brand. You will shape the future of Expedia by bringing a blend of strategy and security management competencies to ensure attack surface reduction. This role is unique and inherently cross-functional - you will collaborate across the multiple teams that develop and run our platform. The Senior Security Engineer, Attack Surface Management is a security engineering leader, security consultant, and mentor. This person is a master of their craft, and able to wear many hats in the security and privacy domain. They are an autonomous leader, comfortable in ambiguity and capable of designing resilient security programs to deliver measurable security outcomes. They will develop the future of Baseline Security at Expedia through direct ownership of initiatives. What you'll do:
- Leverages analysis of requirements to design the architecture for central or distributed environments to meet user requirements
- Recognizes and stays apprised of emerging technology trends and best practices that could potentially benefit the organization
- Investigates a range of issues or incidents by gathering and analyzing information, documenting insights and findings on the underlying cause, circumstances, and contributing factors, and suggesting necessary actions for resolution
- Effectively identify issues with the quality and performance of products, services, solutions or processes and proposes improvements
- Possesses knowledge of features and facilities for integration, and communication among applications, databases, and technology platforms to bring together different components and form a fully functional solution to a business problem
- Facilitates collaboration with different stakeholders with varied perspectives to develop effective solutions to issues
- Strives for optimum organizational efficiency by applying systems thinking across boundaries and making recommendations about policies/ processes
- Takes a whole systems approach to analyze issues and implements holistic solutions by ensuring that linkages between structure, people, process and technology are made
- Applies knowledge and expertise to complex asset management assignments and projects; assists with the development of business area’s asset management standards and procedures
- Conducts a deep review of data and issues to quickly reveal the root cause of problem
- Recommends interim and long-term solutions to complex problems to ensure successful resolution
- Executes solutions to complex problems; guides the analysis of a problem all the way to a successful resolution
- Uses knowledge and experience to perform complex platform assessments and assignments in context of security; assists with policy and procedure development
- Evaluates trends and results of security investigations and outcomes to proactively tune security technology to force active prevention of security threats to the outermost layer of our infrastructure wherever possible
- May conduct continuous improvement exercises to evaluate efficacy of information security controls and improve detection and prevention rates. Reviews outcomes of security investigations and compares expected prevention steps to actuals and modifies configuration of security controls to bring prevention further to the edge
- May design and implement custom software, scripts, policies, extensions, or APIs to support the identification and prevention of information security threats
- May conduct interoperability assessments on information security controls to limit friction caused to the end user, developer, analyst, and customer communities
- Ensures that information security controls are not in conflict and designs and implements solutions where tooling may overlap
- May assist in incident remediation activities by participating in incident response process and adjusting existing or implementing new information security controls to address discovered vulnerabilities or defensive gaps in the detective and preventative control stack live and in real time
- 5+ years of experience
- Relevant security certification (e.g., SSCP, CISSP, CCSK, AWS, or others)
- Expert in physical security system design and configuration
- Expert in configuration, deployment, and operation of information security systems, both on-premise and cloud-based
- Has strength in multiple technologies or languages such as Python, Java, SQL, and others
- Justifies technology choices to technical and non-technical observers
- Serves as an expert for baseline security
- Makes well-defined technology choices
- Mentors other engineers (Individual Contributor I, II, III)
- Capable of independently engineering sensitive systems in support of security operations
- Provides assessments and recommendations to technology teams and offers guidance to more junior security engineering individual contributors
Learn more about Expedia Group
Help us maintain the quality of jobs posted on PowerToFly. Let us know if this job is closed.
Mission
We're connecting diverse talent to big career moves. Meeting people who boost your career is hard - yet networking is key to growth and economic empowerment. We’re here to support you - within your current workplace or somewhere new. Upskill, join daily virtual events, apply to roles (it’s free!).
Are you hiring? Join our platform for diversifiying your team