If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Senior Offensive Security Engineer
Are you passionate about Red Teaming/Penetration Testing? Do you love Cyber Security?
Are you someone who has a solid background in information security and wants to join Expedia Group’s pen test team?
This is an excellent opportunity for an experienced, forward-looking penetration tester/red teamer to join the enterprise security penetration testing capability at Expedia Group. This requires highly skilled and experienced penetration testing/red team specialists who can ensure Expedia Group can uncover and subsequently remediate vulnerabilities through the delivery of high vigilance and transparency.
Expedia Group is looking for a penetration tester to perform penetration tests on its infrastructure and applications. The scope of this role includes performing the full cycle of penetration testing engagements - from scoping, through threat modelling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting.
What You’ll Do
- Responsible for penetration testing and red teaming activities: researching and analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing and reporting results
- Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology
- Assess EG’s existing security capabilities to detect and respond to emerging threats and work with the Detection team to ensure a smooth execution of testing activities (e.g. red/purple teaming, competitive cyber games, etc.)
- Work with the Threat Research team to develop red team scenarios consistent with real attacks as well as business lines understanding their threats
- Plan and execute complex red-team exercises by replicating, in a safe way, the tactics, techniques and procedures of threat actors, including technical coordination of activities and periodic reporting of progress to partners
- Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection
- Deeply document exploit chain/proof of concept scenarios and influence partners in understanding risk exposure and containment measures from vulnerabilities
- Handle the pen test program for various compliance needs such as PCI, SOC2, etc.
Who You Are
- Bachelor of Engineering in Computer Science or Information Technology or a related technical field; or equivalent related professional experience
- 8+ years of experience executing large scale penetration testing/red team testing assessments of highly critical systems
- OSCP, OSCE, GPEN, CREST or similar certifications will be a plus
- Knowledge of cloud security/pen test will be a plus
- Strong knowledge of security frameworks e.g. OWASP, SANS, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP among others
- Detailed and up-to-date knowledge of a wide range of security tools like Burp Suite, Nessus, Metasploit, Empire, Cobalt Strike, etc. and familiarity with common reconnaissance, exploitation, and post-exploitation frameworks
- Ability to develop creative tools, solutions, processes and automate tasks using a scripting language (Python, Perl, Ruby, etc.)
- Knowledge of Linux operating systems, Source Code Analysis, Mobile Application Security, Microsoft technologies like Active Directory and others
- Communication skillset to influence VPs, Directors, and other Technology Leaders to prioritize and execute remediation plans
At Expedia Group, we believe in bringing people together and creating an inclusive workplace where everyone belongs and can do their best work. We care about our employees’ safety and well-being, so we’re requiring new hires in the U.S. to be fully vaccinated against COVID-19 and attest to their vaccination status before their start date as a condition of employment. Expedia Group will consider requests for a reasonable accommodation as required under applicable law.
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is lifeatexpediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.