Saturday , August 15 2020

Security Engineer – Expedia Careers

Website Expedia

Job Description:

This is an excellent opportunity for an experienced, forward-looking red teamer (adversary attack simulation) to join enterprise security penetration testing capability at Expedia Group. This requires highly skilled and experienced penetration testing/red team specialists who can ensure Expedia Group has the ability to uncover and subsequently remediate vulnerabilities through the delivery of high vigilance and transparency.

Expedia Group is looking for a penetration tester to perform pen test on its infrastructure and applications. The scope of this role includes performing the full cycle of penetration testing engagements – from scoping, through threat modelling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting.

Job Responsibilities:

  • Assess EG’s existing security capabilities to detect and respond to emerging threats and work with Detection team to ensure a smooth execution of testing activities (e.g. red/purple teaming, competitive cyber games, etc.)
  • Deeply document exploit chain/proof of concept scenarios and influence partners in understanding risk exposure and containment measures from vulnerabilities
  • Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection
  • Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology
  • Plan and execute complex red-team exercise by replicating, in a safe way, the tactics, techniques and procedures of threat actors, including technical coordination of activities and periodic reporting of progresses to partners
  • Responsible for penetration testing and red teaming activities, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
  • Work with Threat Research team to develop red team scenarios consistent with real attacks as well as business lines understanding their threats

Job Requirements:

  • 6+ years of experience executing large scale penetration testing / red team testing assessments of highly critical systems
  • Ability to develop creative tools, solutions, processes and automate tasks using a scripting language (Python, Perl, Ruby, etc.)
  • Bachelor’s Degree in engineering, Computer Science/Information Technology or its equivalent with real passion for security researching
  • Communication skillset to influence VPs, Directors, and other Technology Leaders to prioritize and execute remediation plans
  • Detailed and up-to-date knowledge of wide range of security tools like Burp Suite, Nessus, Metasploit, Empire,
  • Cobalt Strike, etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks
  • Knowledge of Linux operating systems, Source Code Analysis, Mobile Application Security, Microsoft technologies like Active Directory and others
  • OSCP, OSCE, GPEN, CREST or similar certifications will be a plus
  • Strong knowledge of security frameworks e.g. OWASP, SANS, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP among other

Job Details:

Company: Expedia

Vacancy Type: Full Time

Job Functions: Information Technology

Job Location: Gurugram, Haryana, India

Application Deadline: N/A

Apply Here