Expedia Group is looking for a hardworking and highly motivated Security Engineer to join the Enterprise Risk & Security Team. You will work with one of the best security teams in the world, ensuring that the data we are trusted to protect is secured to the highest standard.
Do you share our excitement for solving complicated business and security problems, while minimizing friction, maximizing output and impact? The Network Vulnerability, Application Security and Data Loss Prevention Specialist is a hands-on role that requires a high degree of technical expertise. Your responsibilities will include assessing identified vulnerabilities, prioritizing and driving remediation of vulnerabilities relating to systems, applications, and infrastructure devices.
You will be responsible for working on program maturity efforts and initiatives in Vulnerability Management and Application Security functions. This includes, but is not limited to: finding improvements with vulnerability scanning automation; validation of vulnerability findings; asset/network discovery; regulatory scanning requirements; driving next generation security operations approaches/tools and producing automated dashboards to measure the effectiveness of the program.
What you'll do
- Perform asset, network, and application discovery activities, helping to ensure full coverage of the Expedia and the Expedia Brand environments
- You'll conduct system and application vulnerability testing
- Review, assess, and mitigate vulnerability assessments on information systems and infrastructure
- You will collate security incident and event data to produce monthly exception and management reports
- Develop program quality metrics as both program performance indicators and enterprise risk indicators
- You'll integrate findings across infrastructure, web application, and static code security testing to provide a holistic security posture for assets
- Monitor security vulnerability information from vendors and third parties
Who you are
- A minimum of 1+ years of job-related experience in a compliance or technical engineering field
- You have worked in a regulated environment, preferably taking care of PCI, SOX, SOC 2 or other federally regulated examinations
- Shown expertise in leading a compliance project and effectively handling partners
- You have fundamental security tooling experience including automating tasks
- Knowledge and familiarity related to administering and securing operating systems, database platforms, endpoint security and network infrastructure is preferred
- You have an understanding of standards related to network architecture & security controls (Routers, Firewalls, networking protocols, etc.)