Security Engineer III

Our team at Expedia Group are primarily engaged in Design, Development, Deployment and maintenance of Certificate and Secret Management Platform within our compute environment.

We partner with different EG teams to help them onboard their application, leverage cloud technologies and principles while maintaining strong security, governance, resiliency, and reliability.

We are looking for a high performing individual contributor who acts as a mentor to more junior engineers, applies new engineering principles to improve existing systems, and is responsible for leading complex, well-defined projects.

What you will do:

• Analyzes requirements and assists with the design of architecture for central processing.

• Research information, data, trends, and best practices in emerging technology and share beneficial information with relevant stakeholders.

• Investigates standard or routine issues or incidents and drafts concise, balanced, evidence-based reports on findings.

• Conducts rigorous tests and inspections of products, services, solutions, or processes to evaluate quality or performance.

• Demonstrates knowledge of advanced and relevant technology.

• Exhibits comfort working with several forms of technology

• Understands the relationship between applications, databases, and technology platforms.

• Brings together different stakeholders with varied perspectives to develop solutions to issues and contributes own suggestions.

• Thinks holistically to identify opportunities around policies/ processes to increase efficiency across organizational boundaries.

• Assists with a whole systems approach to analyzing issues by ensuring all components (structure, people, process and technology) are identified and accounted for.

• Performs routine responsibilities to procure, distribute and maintain an inventory of technology assets, gaining depth of knowledge in this functional area.

• Gathers pertinent information about a problem by analyzing data and patterns and identifying underlying issues.

• Researches and recommends more detailed solutions to resolve problems.

• Implements solutions based on advanced knowledge of standard practices and previous experiences; escalates complex or unprecedented issues and needed.

• Performs more advanced information security engineering responsibilities, including engineering security solutions for non-routine assignments.

• Evaluates threat intelligence findings including attacker tactics, techniques, and procedures to suggest and implement security technology solutions to proactively identify and prevent security threats.

• May evaluate, implement, manage, and maintain a variety of information security systems and hardware including but not limited to intrusion prevention systems, packet capture systems, firewalls, security information & event management (SIEM) systems, log analysis platforms, endpoint detection and response platforms, anti-malware engines, malware sandboxes, email threat analysis systems, etc.

• May implement custom software, scripts, policies, extensions, or APIs to support the identification and prevention of information security threats.

• Collaborates with security operations analysts to understand and design solutions to security threats actively being observed and monitored in the environment.

Who you are:

• 5+ years for Bachelor's or 3+ years for master's or equivalent experience

• Has strength in a couple programming languages and/or one language with multiple technology implementations.

• Familiarity with the following technologies:

• HashiCorp Terraform

• Secret Management using Vault

• Certificate Management

• GitHub, GitHub Actions

• AWS EC2, Fargate, MSK, EFS, S2

• Networking concepts including firewall rules, DNS, AWS VPC, routing and peering.

• Identifies strengths and weaknesses among programming languages for use cases.

• Selects among technology available to implement and solve for need.

• Can independently implement threat mitigations in technology platforms and can engineering sensitive systems to support security operations with guidance from more senior individual contributors.