Plan, coordinate and implement security measures for information systems to regulate access to data files and prevent unauthorized modification, destruction or disclosure of information.
To future-proof Expedia by ensuring our talent is ready to lead in our ever-changing environment. Ensure the leadership capability, high performance culture, and talent management processes to drive organizational effectiveness. Ensure our proposition is renowned for creatively attracting, developing and retaining talent.
The Network Vulnerability, Application Security and Data Loss Prevention specialist is a hands-on role that requires a high degree of technical expertise. The person is responsible for a broad range of tasks, including the day-to-day administration of vulnerability scanning and application security assessment tools. The qualified candidate will be responsible for assessing identified vulnerabilities, and for prioritizing and driving remediation of vulnerabilities relating to systems, applications, and infrastructure devices.
The candidate will be responsible for leading program maturity efforts and initiatives in Vulnerability Management and Application Security functions within the Infosec Operations department. This includes, but is not limited to: driving improvements with vulnerability scanning automation; validation of vulnerability findings; asset/network discovery; regulatory scanning requirements; driving next generation security operations approaches/tools and producing automated dashboards to measure the effectiveness of the program.
The individual in this position interacts closely with personnel from various IT departments — including the application development, operations and network, and client development — and with business departments.
Duties & Responsibilities:
- Perform asset and network discovery activities, helping to ensure full coverage of the Expedia and the Expedia Brand environments
- Perform network and application security scans using the latest scanner tools and methodology
- Perform system and application vulnerability testing
- Establish a strategy and framework for performing validation of scanning results
- Review assets, and mitigate vulnerability assessments on information systems and infrastructure
- Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach
- Collate security incident and event data to produce monthly exception and management reports
- Develop program quality metrics as both program performance indicators and enterprise risk indicators
- Leverage firm inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
- Integrate findings across infrastructure, web application, and static code security testing to provide a holistic security posture for assets
- Monitor security vulnerability information from vendors and third parties
- Help develop the firm’s next generation vulnerability management program, including formalized assessment criteria, integration with asset inventory, enterprise vulnerability scanning, and remediation tracking and governance.