Security Engineer II (Pen Testing)
Do you love Cyber Security?
Are you someone who has a solid background in information security and seeks to join Expedia Group’s pen test team?
This is an excellent opportunity for an experienced, forward-looking red teamer (adversary attack simulation) to join enterprise security penetration testing capability at Expedia Group. This requires highly skilled and experienced penetration testing/red team specialists who can ensure Expedia Group has the ability to uncover and subsequently remediate vulnerabilities through the delivery of high vigilance and transparency.
Expedia Group is looking for you to perform pen tests on its infrastructure and applications. You will perform the full cycle of penetration testing engagements - from scoping, through threat modelling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting.
What you’ll do
- You'll be responsible for penetration testing and red teaming activities, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results
- Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology
- You will assess EG’s existing security capabilities to detect and respond to emerging threats and work with Detection team to ensure a smooth execution of testing activities (e.g. red/purple teaming, high-reaching cyber games, etc.)
- Work with Threat Research team to develop red team scenarios in harmony with real attacks as well as business lines understanding their threats
- You'll plan and execute complex red-team exercise by replicating, in a safe way, the strategies, techniques and procedures of threat actors, including technical coordination of activities and periodic reporting of progress to partners
- Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection
- You will deeply document exploit chain/proof of concept scenarios and influence partners in understanding risk exposure and containment measures from vulnerabilities
Who you are
- Bachelor’s Degree in engineering, Computer Science/Information Technology or its equivalent with enthusiasm for security researching
- You have 6+ years of experience executing large scale penetration testing / red team testing assessments of highly critical systems
- OSCP, OSCE, GPEN, CREST or similar certifications are a plus
- You possess strong knowledge of security frameworks e.g. OWASP, SANS, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP among other
- Detailed and up-to-date knowledge of wide range of security tools like Burp Suite, Nessus, Metasploit, Empire, Cobalt Strike, etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks
- You have the ability to develop creative tools, solutions, processes and automate tasks using a scripting language (Python, Perl, Ruby, etc.)
- Knowledge of Linux operating systems, Source Code Analysis, Mobile Application Security, Microsoft technologies like Active Directory and others
- You have the communication skill set to influence VPs, Directors, and other Technology Leaders to prioritize and execute remediation plans
Why join us
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them to tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal; to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.