Security Analyst II

Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.

Why Join Us?

To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win.

We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a global hybrid work setup (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.

Security Analyst II:

Are you an experienced security professional who is looking to join a team at the heart of Expedia's Technology Security and Privacy team?   

The Expedia Technology Security and Privacy team works across the company’s many groups and products to deliver security solutions to ensure Expedia customers can trust the Expedia brand. You will shape the future of Expedia by bringing a blend of strategy and security management competencies to ensure attack surface reduction. This role is unique and inherently cross-functional - you will collaborate across the multiple teams that develop and run our platform.   

The Security Analyst II, Attack Surface Management will work on a team of Security Analysts and Senior Security Engineers. You are an experienced security analyst, capable of supporting the security and privacy domain programs. You will be key to the delivery of measurable security outcomes. You will prepare analysis for Expedia development and infrastructure teams in support of Baseline Security.   

In this role, you will:  

• Leverage analysis of security data to develop insights and create trusted vulnerability and risk reporting that meets user requirements.  

• Recognize and stay apprised of emerging technology trends and best practices that could potentially benefit the organization  

• Investigate a range of issues or incidents by gathering and analyzing information, documenting insights and findings on the underlying cause, circumstances, and contributing factors, and suggesting necessary actions for resolution  

• Effectively identify issues with the quality and performance of products, services, solutions or processes and proposes improvements  

• Possess knowledge of features and facilities for integration, and communication among applications, databases, and technology platforms to bring together different components and form a fully functional solution to a business problem  

• Facilitate collaboration with different stakeholders with varied perspectives to develop effective solutions to issues  

• Apply knowledge and expertise to complex asset management assignments and projects; assists with the development of business area’s asset management standards and procedures  

• Provide data to quickly reveal the root cause of problems, and analyze problems all the way to successful resolutions

• Use knowledge and experience to perform complex platform assessments and assignments in context of security; assists with policy and procedure development  

• Evaluate trends and results of security investigations and outcomes to proactively tune security technology to force active prevention of security threats to the outermost layer of our infrastructure wherever possible  

• Review outcomes of security investigations and compares expected prevention steps to actuals and modifies configuration of security controls to bring prevention further to the edge  

• May design and implement custom software, scripts, policies, extensions, or APIs to support the identification and prevention of information security threats  

• May conduct interoperability assessments on information security controls to limit friction caused to the end user, developer, analyst, and customer communities  

• Ensure that information security controls are not in conflict and designs and implements solutions where tooling may overlap  

• May assist in incident remediation activities by participating in incident response process and adjusting existing or implementing new information security controls to address discovered vulnerabilities or defensive gaps in the detective and preventative control stack live and in real time

  

Experience and qualifications: 

• 3+ years of experience  

• Relevant security certification (e.g., SSCP, CISSP, CCSK, AWS, or others)  

• Experience with physical security system design and configuration  

• Experience with configuration, deployment, and operation of information security systems, both on-premises and cloud-based - EKS, ECS, RDDS, Kubernetes, Docker, NodeJS and others 

• You have familiarity with multiple technologies or languages such as Python, Java, SQL, and others  

• You can explain technology choices to technical and non-technical observers  

• You can make well-defined technology choices  

• Experience in mentoring other analysts  

• Familiarity with engineering sensitive systems in support of security operations  

• Experience providing assessments and recommendations to technology teams and offers guidance to more junior security engineering individual contributors

• Familiar with multi-cloud environments (AWS, GCP and Azure) 

• Experience with Container security and vulnerability management a plus. 

• Experience with GitHub and GitHub Advanced Security a plus. 

The total cash range for this position in Seattle is $112,000.00 to $156,500.00. Employees in this role have the potential to increase their pay up to $179,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.

Accommodation requests

If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.

We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.

Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.