Security Engineer III , Vulnerability Management

Posted Yesterday
Be an Early Applicant
Gurgaon, Gurugram, Haryana, IND
Hybrid
Senior level
AdTech • eCommerce • Information Technology • Travel • Generative AI
Powering global travel for everyone, everywhere.
The Role
Lead vulnerability risk decisions and exploitability prioritization across cloud, application, and infrastructure. Evaluate critical findings, produce executive risk narratives and metrics, run risk campaigns, partner with threat intelligence/cloud/product teams, improve detection and remediation workflows, support compliance (PCI DSS, SOC 2), and participate in on-call rotations for incident decision support.
Summary Generated by Built In

At Expedia Group, we help travelers explore the world, one journey at a time. As a global travel company powered by passionate people, trusted partnerships, and leading technology, we connect travelers, partners, and advertisers through our consumer brands, B2B network, and travel advertising business.


Here, you'll do meaningful work that helps millions of people discover, book, and experience travel with more ease, confidence, and joy. Our five Behaviors-Traveler First, Think Big, Operate with Excellence, Ownership Mindset, and Succeed Together-help foster a supportive environment where people can grow their careers and have the flexibility, benefits, and support to do their best work. Join us and build for travelers everywhere.

Introduction to the Team:

Risk Intelligence and Orchestration is redefining vulnerability management at Expedia Group through AI-driven risk intelligence, security orchestration, and automation. The team identifies and prioritizes exploitable attack paths (toxic combinations), and security findings across applications, cloud, infrastructure, and containerized environments, ensuring risks are remediated according to business impact, compliance obligations, and defined SLAs. We also partner closely with engineering and compliance teams to support critical security programs, including PCI DSS and SOC 2.
Our mission is to make security the easiest path for engineers. By leveraging modern AI technologies, agentic workflows, intelligent ownership attribution, and automated remediation orchestration, we transform fragmented security signals into actionable insights and scalable workflows. We are building toward a future of autonomous, risk-based remediation - reducing noise, eliminating critical attack paths, and enabling engineering teams to focus on delivering trusted experiences for travellers.

In this role, you will:

  • Own security risk decisions and exploitability prioritization across cloud, application, and infrastructure environments, translating vulnerability and threat signals into clear, actionable outcomes.

  • Evaluate critical and high-risk findings, applying SLA governance, escalation judgment, and  exploitability, blast radius, recurrence patterns, and business impact.

  • Analyze vulnerability, threat intelligence, and exposure data to determine real-world

  • Produce leadership-ready narratives and metrics (MTTR, recurrence, exception debt, aging vulnerabilities) that communicate risk posture, trends, and program effectiveness beyond dashboards outcome tracking aligned to organizational objectives.

  • Lead and support risk campaigns, including go/no-go decisions, prioritization logic, and stakeholders to influence risk outcomes and drive alignment.

  • Partner closely with threat intelligence, cloud security, product security, and engineering improvements back into tooling, workflows, and policy.Identify false positives, systemic detection gaps, and process inefficiencies, feeding improvement of decision frameworks.

  • Contribute to reporting automation, Organizational Security metrics, and continuous active incidents or emerging threat scenarios.

  • Participate in daily and ad-hoc risk assessments, providing authoritative guidance during  and process clarity.Support GRC, SOC2, PCI, and internal audit activities by providing evidence, explanations,

  • Participate in an on-call rotation to provide expert risk assessment, decision support, and guidance during active incidents, emerging threats, or time-sensitive security events

Experience and Qualifications: 

Minimum Qualifications:

  • Bachelor’s degree in Computer Science or a related technical field; or Equivalent related professional experience.

  • 5+ years of relevant professional experience

  • Strong ability to interpret vulnerability, exploit, and threat data across cloud, application, identity, and infrastructure layers.

  • Experience producing executive-level security narratives, risk summaries, and metric-based insights.

  • Working knowledge of cloud platforms, modern application architectures, and enterprise security tooling.

Preferred Qualifications:

  • Experience operating in high-scale or global environments with formal SLA, exception, and escalation frameworks.

  • Demonstrated ability to balance security risk, operational capacity, and business impact in decision-making.

  • Strong background in building or improving security detection, incident response workflows, and metrics, using data to continuously refine coverage, reduce false positives, and improve time to detect and respond.

  • Familiarity with AI-driven systems, tools, or workflows and practical experience applying AI/ML concepts to enhance or secure real world products and platforms.

Accommodation requests

Expedia Group is committed to providing an inclusive and accessible recruiting experience. If you need an accommodation or adjustment due to a disability during the application or recruiting process, please submit a request at https://expedia.service-now.com/askeg?id=job_accommodation.


About Expedia Group

Expedia Group includes three flagship consumer brands - Expedia, Hotels.com, and Vrbo - along with a leading B2B travel business and travel advertising offerings. Across our brands and business, we help travelers explore the world with confidence and ease.


Important notice

Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never share sensitive personal information unless you are confident of the recipient. Expedia Group does not extend job offers via email or messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official place to find and apply for roles is https://careers.expediagroup.com/jobs/.


Equal Opportunity

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.

Skills Required

  • Bachelor's degree in Computer Science or related technical field, or equivalent experience
  • 5+ years of relevant professional experience
  • Ability to interpret vulnerability, exploit, and threat data across cloud, application, identity, and infrastructure layers
  • Experience producing executive-level security narratives, risk summaries, and metric-based insights
  • Working knowledge of cloud platforms, modern application architectures, and enterprise security tooling
  • Participate in on-call rotation to provide expert risk assessment and guidance during incidents
  • Experience operating in high-scale or global environments with SLA, exception, and escalation frameworks
  • Demonstrated ability to balance security risk, operational capacity, and business impact in decision-making
  • Background in building or improving security detection, incident response workflows, and metrics to reduce false positives
  • Familiarity with AI-driven systems, tools, or workflows and practical application of AI/ML concepts to security
  • Familiarity with PCI DSS, SOC 2, and GRC/compliance activities

Expedia Group Compensation & Benefits Highlights

  • Wellbeing & Lifestyle Benefits Travel and wellness reimbursements, employee travel discounts, and flexible stipends are presented as standout perks that add meaningful lifestyle value. Mental-health resources and pet support broaden the package beyond core pay.
  • Parental & Family Support Paid parental leave for all parents with additional time for birthing parents, plus adoption, surrogacy, and caregiver support, are highlighted as generous and accessible. Immediate eligibility for parental leave reinforces the family-friendly design.
  • Healthcare Strength Medical, dental, and vision coverage is paired with inclusive healthcare extending to partners and covering fertility and transgender services. Access to mental-health platforms complements the core medical offering.

Expedia Group Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Seattle, WA
16,000 Employees
Year Founded: 1996

What We Do

Expedia Group powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.

Why Work With Us

As travelers and technologists, we are passionate about making travel more seamless, accessible and memorable. We embrace different perspectives, celebrate new ideas, and empower every Expedian to drive meaningful change. The experiences we create bridge divides and broaden horizons – helping create unforgettable memories through travel.

Gallery

Gallery

Expedia Group Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 3 days a week
HQSeattle, WA
JP
VE
HK
MY
Amsterdam, NL
Antalya, TR
Athens, GR
Auckland, NZ
Austin, Texas
Bangkok, TH
Barcelona, ES
Beijing, CN
Bengaluru, Karnataka
Berlin, DE
Bothell, US
Brisbane, AU
Brussels, BE
Chicago, US
Cologne, DE
Copenhagen, DK
Dallas, US
Denpasar, ID
Dubai, AE
Dublin, IE
Edinburgh, GB
Fort Lauderdale, US
Geneva, CH
Gurugram, Haryana
Gurugram, IN
Hanyang, KR
Ho Chi Minh, VN
Issaquah, US
İstanbul, TR
Johannesburg, ZA
Kailua-Kona, US
Kilkattalai, JO
Lahaina, US
Lisbon, PT
London, GB
Lyon, FR
Madrid, ES
Manila, PH
Marseille, FR
Melbourne, AU
Miami, US
Milan, IT
Mohokare, ZA
Montréal, CA
Munich, GD
Paris, FR
Poipu, US
Praha, CZ
Rome, IT
San Francisco, California
San Leonardo, PH
Sham Chun Hu, CN
Shanghai, CN
Singapore, SG
Springfield, US
Stockholm, SE
Sydney, AU
Taipei City, TW
Tokyo, JP
Toronto, CA
Wrocław, PL
Learn more

Similar Jobs

Expedia Group Logo Expedia Group

Operations Analyst

AdTech • eCommerce • Information Technology • Travel • Generative AI
Hybrid
Gurgaon, Gurugram, Haryana, IND
16000 Employees

Expedia Group Logo Expedia Group

Development Engineer

AdTech • eCommerce • Information Technology • Travel • Generative AI
Hybrid
Gurgaon, Gurugram, Haryana, IND
16000 Employees

Expedia Group Logo Expedia Group

Learning and Development Trainer

AdTech • eCommerce • Information Technology • Travel • Generative AI
Hybrid
Gurugram, Haryana, IND
16000 Employees

Expedia Group Logo Expedia Group

Technical Support

AdTech • eCommerce • Information Technology • Travel • Generative AI
Hybrid
Gurugram, Haryana, IND
16000 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account