Security Engineer III

We are looking for a driven and skilled Security Engineer III to join our dynamic Security Engineering team. In this role, you’ll work on mission-critical systems and services that protect our cloud-native, containerized, and hybrid infrastructure across multiple brands and platforms. From endpoint protection and intrusion prevention to privileged identity management and runtime security, your work will have a direct impact on the security posture of Expedia Group.

You’ll not only lead the engineering of cutting-edge security tools and frameworks but also collaborate with cross-functional teams to solve complex challenges, mentor peers, and influence security best practices across the organization.

What You'll Be Doing

• Design and deploy advanced, scalable security solutions to protect Expedia’s infrastructure, applications, and customer data
• Monitor and enhance the security of cloud-native and hybrid systems, improving performance and resilience through automation
• Lead the development of technical architectures and detailed deployment plans for various security initiatives
• Write robust technical documentation, engineering plans, and test cases to support security implementations
• Collaborate with software developers, cloud architects, and operations teams to embed security best practices into the SDLC
• Serve as a mentor and thought leader within the security engineering team, helping grow technical knowledge and operational excellence
• Continuously evaluate emerging security threats and technologies to keep our defenses ahead of the curve

What We're Looking For

• 5+ years of experience in security engineering or operations in large, mission-critical environments

• Proven experience in designing, deploying, and maintaining security tools such as.

  • Web Application Firewalls (WAF)

  • Bot Management

  • Cloud Security Posture Management (CSPM)

  • Data Security Posture Management (DSPM)

  • Static/Dynamic Application Security Testing (SAST/DAST)

  • API Security, Runtime Application Self-Protection (RASP)

• Strong grasp of cloud security concepts, particularly within the AWS ecosystem (EC2, VPC, S3, IAM, Lambda, CloudFormation, etc.)
• Solid scripting and programming skills using Python, Java, Perl, Ruby, or C++, with at least 2 years of practical experience in automation or tooling development
• Demonstrated ability to analyze logs, interpret alerts, and conduct forensic analysis across systems and network layers
• Experience writing detection rules for complex web applications and advocating for detection engineering best practices
• In-depth knowledge of network and system architecture, coupled with a solid understanding of security principles and frameworks (e.g., OWASP, NIST)
• A proactive and problem-solving mindset, with the ability to take ownership of security issues from discovery through resolution

Who You Are

• A self-starter with strong engineering instincts and a desire to secure systems at scale
• A collaborative team player who values open communication and feedback
• An enthusiastic learner with a curiosity for emerging technologies and new approaches
• Someone who thrives in a dynamic environment and is comfortable navigating ambiguity and change
• A mentor and technical leader who takes pride in sharing knowledge and building up those around you

We Are Expedia Group

We’re proud to have been named a Glassdoor Best Place to Work in 2024, and recognized for our award-winning culture by TIME, Forbes, Disability:IN, and many others. Our diverse family of brands helps millions of people travel more easily, safely, and joyfully every year.

At Expedia Group, diversity, equity, and inclusion are more than just buzzwords. We actively work to create an environment where all employees can thrive—regardless of race, religion, gender, age, sexual orientation, or disability. We believe that when one of us wins, we all win.