Director, Vulnerability Reduction
Looking to join our exciting Security team at Expedia Group, securing our company to continue to be at the forefront of travel technology? That is what we do within Enterprise Risk & Security (ERS). Our job is to ensure that our employees, consumers, and partners have a safe and secure experience while operating our services and brands. You can be a part of this!
ERS seeks a Director of Vulnerability Reduction to set the strategic direction for managing risk and securing IT across data center and cloud-based environments. The security wing of ERS designs, engineers and operates technical solutions that when coupled with documented processes and capable people, delivers enterprise-wide security services inside of service level objectives. People, technology, process and innovation are at the heart of our organization.
This role will be reporting into the Senior Director of Security Operations. As Director of Vulnerability Reduction you will drive long-term operational security thought leadership throughout Expedia Group and its internal and external partners. You will engage with direct reports, security team engineers, external partners and product team strategists to define, document and operate vulnerability reduction services that identify security gaps, prescribe fix actions and thereby elevate our enterprise security posture. Additionally, by leading penetration tests and red teams you will assess, prioritize and report on breaks in our security defenses. This position will require personnel and technical leadership, communication, collaboration and influencing skills.
Who you are
- You have earned a BA/BS in Engineering, Computer Science, Information Security, or Information Systems with a minimum of 12 years of computer and network security experience
- You hold a CISSP, CISM, CISA, Security+, CEH, GCIA, GCIH or related certification
- You have built or transformed highly effective vulnerability management programs within a global enterprise
- You have demonstrated experience developing and leading a technically advanced security team in a global environment
- You have advanced knowledge and of common communications protocols and attack techniques and embrace an ongoing pursuit of following new developments in this dynamic space and sharing them with othersy
- You possess broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT system operations
- You are fluent in common cybersecurity domains such as data protection, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence, risk assessments
- You easily collaborate across a large, matrixed organization utilizing strong written and verbal communication skills
What you will do
- You will deliver world-class vulnerability reduction services for Expedia Group across disparate brands and geographic locations
- You will build, lead and direct penetration testing and red-team activities to identify and reduce vulnerabilities and elevate cybersecurity posture across the company
- You will formulate and maintain the vulnerability reduction roadmap in close coordination with product strategy and security engineering
- You will lead scalable and effective remediation at all layers of the organization, infrastructure and application stack by applying appropriate risk-based prioritization, simplifying requests and collaborating with business partners
- You will recruit, coach, train, lead, and inspire a global team that strives for continual improvement
- You will ensure the development, testing and implementation of appropriate security plans, products and control techniques to ensure a defense in depth security program is established across the enterprise
- You will disseminate standards, policies, and develop business metrics for measuring and monitoring cyber & IT vulnerabilities on a continuous basis
Why join us
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them the tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal; to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground, so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.