Security Engineer III-Penetration Tester

India - Gurgaon

Expedia Group

We empower you to discover a world of growth and potential, so you can transform travel for all.

View all jobs at Expedia Group

If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.

Security Engineer III-Penetration Tester

Are you passionate about Red Teaming/Penetration Testing? Do you love Cyber Security? Do you love mobile pen testing? Are you someone who has solid background into information security and wants to join Expedia Group’s pen test team?
This is an excellent opportunity for an experienced, forward-looking red teamer to join enterprise security penetration testing capability at Expedia Group. This requires highly skilled and experienced penetration testing/red team specialists who can ensure Expedia Group has the ability to uncover and subsequently remediate vulnerabilities through the delivery of high vigilance and transparency.


Expedia Group is looking for a penetration tester to perform pen test on its infrastructure and applications (web & mobile). The scope of this role includes performing the full cycle of penetration testing engagements - from scoping, through threat modelling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting.
 

What you will do:

  • Responsible for penetration testing and red teaming activities, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.

  • Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology.

  • Assess EG’s existing security capabilities to detect and respond to emerging threats and work with Detection team to ensure a smooth execution of testing activities (e.g. red/purple teaming, competitive cyber games, etc.).

  • Work with Threat Research team to develop red team scenarios consistent with real attacks as well as business lines understanding their threats.

  • Plan and execute complex red-team exercise by replicating, in a safe way, the tactics, techniques and procedures of threat actors, including technical coordination of activities and periodic reporting of progresses to partners.

  • Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection.

  • Deeply document exploit chain/proof of concept scenarios and influence partners in understanding risk exposure and containment measures from vulnerabilities.Perform mobile pen testing (android or/and iOS).

Who you are:

  • Bachelor’s Degree in Engineering, Computer Science/Information Technology or its equivalent with real passion for security researching

  • 5+ years of experience executing large scale penetration testing / red team testing assessments of highly critical systems
    OSCP, OSCE, GPEN, CREST or similar certifications will be a plus

  • Strong knowledge of security frameworks e.g. OWASP, SANS, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP among other.

  • Expertise in mobile pen testing (android or/and iOS).

  • Detailed and up-to-date knowledge of wide range of security tools like Burp Suite, Nessus, Metasploit, Empire, Cobalt Strike, mobile security frameworks etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks.

  • Ability to develop creative tools, solutions, processes and automate tasks using a scripting language (Python, Perl, Ruby, etc.)
    Knowledge of Linux operating systems, Source Code Analysis, Mobile Application Security, Microsoft technologies like Active Directory and others.

  • Communication skillset to influence other technology leaders during strategic recommendations on security issues identified.Exposure to cloud pen testing skills.

About Expedia Group 

Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.  

© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  21  7  0

Tags: Active Directory Android Application security Burp Suite Cloud Cobalt Strike Code analysis Computer Science CREST Exploit Firewalls GPEN IDS iOS IPS Linux Metasploit MITRE ATT&CK Mobile security Nessus OSCE OSCP OWASP Pentesting Perl Python Red team Ruby SANS Scripting Threat Research Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
Country: India

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.