Security Incident Response Manager

If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.

Security Incident Response Manager

Our mission is to detect, investigate, disrupt, contain, and remediate threats in support of the company's information security strategy.
“CSIRT Incident Response provides 24/7/365 incident response to all Expedia Group properties and subsidiaries.

The team creates, maintains, and tests the effectiveness of the company's Incident Response Plan. IR conducts post-incident reviews to educate internal stakeholders on security incidents, improve monitoring and detection capabilities, and identify process improvements resulting from incidents to prevent reoccurrence.”

What you’ll do: 

• Serve as the incident commander for major or high-profile incidents including validating and raising incidents, coordinating response, facilitating information sharing, and conducting reporting 

• Be a liaison between technical response teams and the business to minimize the impact of an incident on operations 

• Ensure alignment to the organizational Incident Response Plan throughout the incident lifecycle 

• Conduct post Incident reviews and provide insights to guide improvements 

• Design, maintain, and improve a portfolio of security alerts, automated actions, playbooks, and workflows  

• Communicate incident status to relevant parties across the organization 

• Develop improvements to security detection capabilities 

• Serve as a technical focal for security operations analyst issues 

• Apply intelligence to improve areas of interest 

• Perform in-depth log analysis with an understanding of acquisition and preservation techniques 

• Regularly test and improve incident response plans and playbooks through the development of table top exercises 

• Conduct team information sharing sessions in your given areas of expertise  

• In partnership with other team members across geographies, maintain schedule flexibility during on call shifts to ensure 24x7x365 coverage 

Who you are: 

• Technical Proficiencies: 

• Knowledge of multiple security domains, including but not limited to: application security, cloud security, data security, network security, and perimeter security 

• Experience with: 

• Common cyber defense tooling such as; IDS/IPS/HIPS, anti-malware, firewalls, proxies, etc 

• Enterprise infrastructure, platforms, and tooling, including; Windows, Linux, MacOS, infrastructure management and networking hardware 

• 3rd party cloud computing platforms (AWS, Azure, Google) 

• Industry standard SIEM and SOAR platforms

• Soft Skills:  

• Communication – Written and oral communication skills to communicate technical concepts to all levels of the organization 

• Listening - Ability to listen to feedback and apply recommendations 

• Teamwork – Applying the Expedia Group Guiding Principle: One team, group first 

• Investigative demeanor – Curious mentality, someone willing to dig into problems until they are satisfied with a result 

• Proactive self starter – Act as a leader proactively looking for solutions 

• Organization - Ability to simultaneously prioritize technical response while ensuring relevant parties are advised 

• Bachelors in an information security or related technical field; or equivalent related professional experience 

• Minimum of 6-10 years within IT security 

• Ability to lead security incidents at a global scale  

• Experience working in a SOC or a CSIRT 

• Certifications which demonstrate baseline proficiency in the areas of IT Security, Incident Response, or cloud concepts (CISSP, GIAC, ECIH, AWS) are a plus 

About Expedia Group 

Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.  

© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.