Security Analyst II
Expedia
Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.
Why Join Us?
To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated, and we know that when one of us wins, we all win.
We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a global hybrid work setup (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.
Security Analyst II:
Are you an experienced security professional who is looking to join a team at the heart of Expedia's Technology Security and Privacy team?
The Expedia Technology Security and Privacy team works across the company’s many groups and products to deliver security solutions to ensure Expedia customers can trust the Expedia brand. You will shape the future of Expedia by bringing a blend of strategy and security management competencies to ensure attack surface reduction. This role is unique and inherently cross-functional - you will collaborate across the multiple teams that develop and run our platform.
The Security Analyst II, Attack Surface Management will work on a team of Security Analysts and Senior Security Engineers. You are an experienced security analyst, capable of supporting the security and privacy domain programs. You will be key to the delivery of measurable security outcomes. You will prepare analysis for Expedia development and infrastructure teams in support of Baseline Security.
In this role, you will:
Leverage analysis of security data to develop insights and create trusted vulnerability and risk reporting that meets user requirements.
Recognize and stay apprised of emerging technology trends and best practices that could potentially benefit the organization
Investigate a range of issues or incidents by gathering and analyzing information, documenting insights and findings on the underlying cause, circumstances, and contributing factors, and suggesting necessary actions for resolution
Effectively identify issues with the quality and performance of products, services, solutions or processes and propose improvements
Possess knowledge of features and facilities for integration, and communication among applications, databases, and technology platforms to bring together different components and form a fully functional solution to a business problem
Facilitate collaboration with different stakeholders with varied perspectives to develop effective solutions to issues
Apply knowledge and expertise to complex asset management assignments and projects; assist with the development of the business area’s asset management standards and procedures
Provide data to quickly reveal the root cause of problems, and analyze problems all the way to successful resolutions
Use knowledge and experience to perform complex platform assessments and assignments in the context of security; assist with policy and procedure development
Evaluate trends and results of security investigations and outcomes to proactively tune security technology to force active prevention of security threats to the outermost layer of our infrastructure wherever possible
Review outcomes of security investigations, compare expected prevention steps to actuals, and modify the configuration of security controls to bring prevention further to the edge
May design and implement custom software, scripts, policies, extensions, or APIs to support the identification and prevention of information security threats
May conduct interoperability assessments on information security controls to limit friction caused to the end user, developer, analyst, and customer communities
Ensure that information security controls are not in conflict, and design and implement solutions where tooling may overlap
May assist in incident remediation activities by participating in incident response process and adjusting existing or implementing new information security controls to address discovered vulnerabilities or defensive gaps in the detective and preventative control stack live and in real time
Experience and qualifications:
3+ years of experience
Relevant security certification (e.g., SSCP, CISSP, CCSK, AWS, or others)
Experience with physical security system design and configuration
Experience with configuration, deployment, and operation of information security systems, both on-premises and cloud-based - EKS, ECS, RDDS, Kubernetes, Docker, NodeJS and others
You have familiarity with multiple technologies or languages such as Python, Java, SQL, and others
You can explain technology choices to technical and non-technical observers
You can make well-defined technology choices
Experience in mentoring other analysts
Familiarity with engineering sensitive systems in support of security operations
Experience providing assessments and recommendations to technology teams and offering guidance to more junior security engineering individual contributors
Familiar with multi-cloud environments (AWS, GCP and Azure)
Experience with container security and vulnerability management a plus.
Experience with GitHub and GitHub Advanced Security a plus.
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Accommodation requests
If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.
We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.
Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.