At Expedia Group, we help travelers explore the world, one journey at a time. As a global travel company powered by passionate people, trusted partnerships, and leading technology, we connect travelers, partners, and advertisers through our consumer brands, B2B network, and travel advertising business.
Here, you'll do meaningful work that helps millions of people discover, book, and experience travel with more ease, confidence, and joy. Our five Behaviors-Traveler First, Think Big, Operate with Excellence, Ownership Mindset, and Succeed Together-help foster a supportive environment where people can grow their careers and have the flexibility, benefits, and support to do their best work. Join us and build for travelers everywhere.
Product Security Architect III
Our Technology Team partners with teams across Expedia Group to create innovative products, services, and tools to deliver high-quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction.
The Product Security Architecture team partners with product, engineering, and platform teams to ensure security and privacy are built into Expedia Group products by design, from ideation through operations. We enable our business partners to build resilient, future-ready solutions that advance Expedia Group's security posture and operational velocity.
We focus on secure-by-design product architecture, security assessments, threat modeling, and continuous verification of security requirements across our business products and platforms.
You will join a small, senior team of hands-on product security architects who work across domains and technologies, helping teams make pragmatic security decisions that enable innovation at scale.
In this role, you will:
Define and evolve security architecture patterns, standards, and reference designs that enable secure-by-design product development across multiple platforms and services.
Partner with product, engineering, and infrastructure teams to design secure system architectures, including API design, low-level design (LLD), and data models that protect customer and partner data.
Lead threat modeling, security design reviews, and risk assessments for complex product initiatives, translating security requirements into actionable engineering guidance.
Provide technical leadership on application security controls (authentication, authorization, encryption, key management, secrets handling) and drive their consistent adoption across domains.
Guide teams in safely integrating and operating AI/ML‑enabled and AI-driven solutions, tools, or workflows that improve security and product outcomes, including applying AI/ML concepts to real-world products.
Influence roadmap and technical decision-making by aligning product security architecture with business objectives, regulatory needs, and operational constraints across multiple product areas.
Minimum Qualifications:
Bachelor’s degree in Computer Science or a related technical field; or Equivalent related professional experience.
5+ years of relevant professional experience.
Experience in product or application security with hands-on involvement in designing secure architectures for services, APIs, and data models within complex, distributed systems.
Proven ownership of security architecture for a significant product area, service group, or domain, including driving security requirements from design through implementation.
Strong technical depth in security fundamentals such as secure software development practices, identity and access management, cryptography usage, and cloud-native security controls, including familiarity with AI-driven systems, tools, or workflows and applying AI/ML concepts to real world products.
Preferred Qualifications:
Advanced experience defining and implementing security architecture patterns at scale for multi-service or domain-wide product ecosystems in a cloud-native environment.
Track record of leading security architecture for complex, highly available, and high-throughput systems, including data-intensive and API-centric products, with a focus on operational excellence and resiliency.
Demonstrated ability to drive secure-by-design practices across engineering teams, including formal threat modeling, security design reviews, and integration of security automation into CI/CD pipelines, telemetry, and monitoring.
Experience designing and governing security controls for AI/ML‑enabled and AI-driven products or platforms, including model security, data protection, responsible use of AI in production systems, and safely integrating and operating AI/ML‑enabled solutions that improve outcomes.
Deep expertise in applying data-driven approaches (such as security metrics, risk scores, and telemetry) to prioritize security investments, influence architecture decisions, and continuously improve product security posture across multiple domains.
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Benefits and perks
Expedia Group offers benefits and perks designed to support employees and their families, including medical, dental, and vision coverage, paid time off, an Employee Assistance Program, wellness and travel reimbursement, travel discounts, and International Airlines Travel Agent Network (IATAN) membership. Learn more about life at Expedia Group at https://careers.expediggroup.com/life.
Accommodation requests
Expedia Group is committed to providing an inclusive and accessible recruiting experience. If you need an accommodation or adjustment due to a disability during the application or recruiting process, please submit a request at https://expedia.service-now.com/askeg?id=job_accommodation.
About Expedia Group
Expedia Group includes three flagship consumer brands - Expedia, Hotels.com, and Vrbo - along with a leading B2B travel business and travel advertising offerings. Across our brands and business, we help travelers explore the world with confidence and ease.
Important notice
Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never share sensitive personal information unless you are confident of the recipient. Expedia Group does not extend job offers via email or messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official place to find and apply for roles is https://careers.expediagroup.com/jobs/.
Equal Opportunity
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other characteristic protected by law. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.Skills Required
- Bachelor's degree in Computer Science or related field, or equivalent experience.
- 5+ years of relevant professional experience.
- Experience in product or application security designing secure architectures for services, APIs, and data models in complex distributed systems.
- Proven ownership of security architecture for a significant product area, service group, or domain, driving security requirements from design through implementation.
- Strong technical depth in secure software development practices, identity and access management, cryptography, and cloud-native security controls.
- Familiarity with AI-driven systems and applying AI/ML concepts to real-world products.
- Experience with authentication, authorization, encryption, key management, and secrets handling.
Expedia Group Compensation & Benefits Highlights
-
Wellbeing & Lifestyle Benefits — Travel and wellness reimbursements, employee travel discounts, and flexible stipends are presented as standout perks that add meaningful lifestyle value. Mental-health resources and pet support broaden the package beyond core pay.
-
Parental & Family Support — Paid parental leave for all parents with additional time for birthing parents, plus adoption, surrogacy, and caregiver support, are highlighted as generous and accessible. Immediate eligibility for parental leave reinforces the family-friendly design.
-
Healthcare Strength — Medical, dental, and vision coverage is paired with inclusive healthcare extending to partners and covering fertility and transgender services. Access to mental-health platforms complements the core medical offering.
Expedia Group Insights
What We Do
Expedia Group powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
Why Work With Us
As travelers and technologists, we are passionate about making travel more seamless, accessible and memorable. We embrace different perspectives, celebrate new ideas, and empower every Expedian to drive meaningful change. The experiences we create bridge divides and broaden horizons – helping create unforgettable memories through travel.
Gallery
Expedia Group Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.