Director CyberSecurity
$249kExpedia Group
At Expedia Group, we help travelers explore the world, one journey at a time. As a global travel company powered by passionate people, trusted partnerships, and leading technology, we connect travelers, partners, and advertisers through our consumer brands, B2B network, and travel advertising business.
Here, you'll do meaningful work that helps millions of people discover, book, and experience travel with more ease, confidence, and joy. Our five Behaviors-Traveler First, Think Big, Operate with Excellence, Ownership Mindset, and Succeed Together-help foster a supportive environment where people can grow their careers and have the flexibility, benefits, and support to do their best work. Join us and build for travelers everywhere.
Director, Security Engineering
Our Technology Team partners with teams across Expedia Group to create innovative products, services, and tools to deliver high-quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction.
Expedia Group's Product Security organization is building the security infrastructure, platforms, and services that power secure software delivery across one of the world's largest travel technology platforms. We are looking for a Director, Security Engineering who ships — someone who turns architectural thinking into running systems, operating controls, and measurable outcomes at enterprise scale.
This is fundamentally a hands-on, execution-oriented role. You will design and build security platforms, embed controls into high-velocity engineering workflows, operationalize cloud and data security programs, and serve as the technical anchor for complex, cross-cutting security initiatives. You will work closely with engineering teams, platform architects, and technology leads — influencing craft, output, and trust rather than org chart position.
If you are energized by building things that work at scale, by making security invisible to engineers who do the right thing, and by leaving systems measurably more secure than you found them — this role was written for you.
WHO THRIVES IN THIS ROLE
You are a builder. You measure your impact in systems shipped, controls operationalized, and engineering teams unblocked — not in decks presented or frameworks authored. You are most comfortable when you are deep in the work: designing a zero-trust architecture in the morning, reviewing a CI/CD pipeline security integration in the afternoon, collaborating vertically and horizontally with product security and CTO stakeholders to drive our success while understanding competing priorities. you're are Passionate and curious about AI system the next day. You understand that security at scale is a product problem — and you design accordingly, obsessing over adoption, ergonomics, and measurable outcomes. You influence through craft, consistency, and trust, and you thrive in environments where competing priorities are real, and judgment matters more than process.
In this role, you will:
Security Platform & Infrastructure Delivery
Design, build, and operationalize reusable security platforms, shared services, and reference architectures that engineering teams consume at scale — prioritizing developer ergonomics and adoption velocity.
Deliver security guardrails for infrastructure-as-code, containerized microservices, and service mesh architectures — implemented as enforceable, automated policy-as-code controls, not documentation.
Build and maintain secrets management, certificate lifecycle, and workload identity frameworks for cloud-native infrastructure across multi-cloud environments.
Own the technical implementation of security tooling integrations — Security Fabric to be include SAST, DAST, SCA, ASPM, CSPM, DSPM — ensuring signal quality, pipeline integration, and engineering team usability.
Proven ability to develop and operationalize security policies, standards, and compliance frameworks (e.g., PCI-DSS, SOC 2, ISO 27001, GDPR)
AI & Agentic System Security — Hands-On Implementation
Demonstrated experience applying AI and machine learning techniques within cybersecurity contexts, including threat detection, anomaly detection, or automated vulnerability management
Implement security architecture for LLM-based applications, RAG pipelines, and agentic AI systems — applying controls for prompt injection, model abuse, data exfiltration, and agent trust boundaries in production environments.
Evaluate and operationalize AI-powered security tooling — automated threat detection, vulnerability triage, AI-driven response — from proof of concept through production operation.
Embed security early in Expedia Group's AI development lifecycle, influencing model selection, fine-tuning practices, and deployment architecture through direct partnership with AI platform teams.
Service Mesh & Zero-Trust Infrastructure
Implement and operate service mesh security at scale — mTLS enforcement, traffic policy, workload identity, and zero-trust network segmentation across distributed microservices environments (Istio, Envoy, or equivalent).
Architect and build identity-centric, zero-trust security models for distributed systems with complex east-west traffic patterns and hundreds of services.
Drive practical implementation of zero-trust principles across infrastructure — not as a framework exercise, but as running, enforced controls.
AWS Cloud Security Operations at Scale
Architect and operate AWS-native security controls at enterprise scale: IAM and SCPs, GuardDuty, Security Hub, Inspector, Macie, Control Tower, Secrets Manager, KMS — configured, tuned, and continuously improved, not just deployed.
Cloud Security Posture Management (CSPM) and Data Security Posture Management (DSPM) programs operationally — driving down finding age, improving coverage, and closing posture gaps at velocity.
Instrument and maintain security observability across cloud environments: detection coverage, alerting pipelines, and automated response playbooks that operate reliably at scale.
Enable high-velocity release pipelines by embedding security controls natively into CI/CD without blocking engineering throughput — shifting left without shifting blame.
SDLC Security Architecture — Built Into Engineering Workflows
Implement SDLC security architecture end-to-end — from threat modeling at design time through runtime protection — embedded in the tools, pipelines, and workflows engineers already use.
Deliver reusable security frameworks, libraries, and platform services that let product engineers ship secure code without becoming security experts.
Build and maintain security standards for web application, API, mobile, and cloud-native services — grounded in OWASP, NIST, and validated against Expedia Group's actual engineering stack.
Collaborate directly with engineering teams to balance security requirements against delivery priorities — understanding the pressures, designing controls that fit naturally, and earning credibility through practical judgment.
Delivering Delight — Cyber Experience That Engineers Actually Want
Design security interactions, tooling surfaces, and developer workflows that engineers find intuitive, fast, and useful — minimizing friction while maximizing adoption of secure patterns.
Produce clear, actionable security guidance, architectural blueprints, and technical documentation calibrated to the engineering audience — not compliance artifacts.
Navigate competing priorities with engineering teams by understanding delivery context, making risk tradeoffs explicit and transparent, and building durable trust through consistent, practical judgment.
Contribute to reshaping Product Security and cybersecurity strategy — informing roadmap direction through execution experience, not just top-down design.
Minimum Qualifications:
15+ years of progressive, hands-on cybersecurity experience — with demonstrated depth in building and operating security systems at enterprise scale, not just designing them.
Deep, practitioner-level AWS expertise: IAM, VPC, GuardDuty, Security Hub, Macie, Inspector, Control Tower, Secrets Manager, KMS — operated at scale in high-velocity release environments with measurable outcomes.
Proven track record delivering SDLC security architecture across large engineering organizations — including CI/CD integration, developer tooling, SAST/DAST/SCA deployment, and runtime security in production.
Hands-on implementation experience with service mesh architectures — mTLS, workload identity, traffic policy, zero-trust network enforcement — using Istio, Envoy, Linkerd, or equivalent in production.
Demonstrated proficiency in AI security — implementing controls for LLM applications, RAG systems, and agentic AI pipelines in enterprise production environments, not just evaluating them.
Operational experience running CSPM and DSPM programs at scale — owning finding triage, remediation velocity, and posture improvement metrics.
Proven ability to collaborate with and influence engineering teams without formal authority — translating security requirements into engineering-compatible designs and building trust through delivery.
Ability to contribute to security strategy — translating execution experience and technical depth into roadmap input, architectural direction, and stakeholder communication.
Exceptional technical communication skills — producing authoritative architectural documentation, security guidance, and clear executive-level summaries when needed.
Bachelor's degree in Computer Science, Information Security, or related technical field — or equivalent professional experience.
Preferred Qualifications:
Experience in a large-scale, multi-cloud e-commerce or travel technology environment with global operations and high release frequency.
Hands-on experience building, deploying, or securing agentic AI systems and LLM-based applications in enterprise production — including red-teaming and abuse scenario validation.
Experience building security-as-a-platform services consumed by large engineering organizations — including self-service security tooling, paved-road security libraries, or security SDK development.
Prior people leadership or tech lead experience — not required, but relevant for candidates interested in optional team leadership scope.
Relevant certifications: CISSP, CCSP, CSSLP, AWS Security Specialty, or GCP Security Engineer.
Applied experience with PCI-DSS, SOC 2, GDPR, and ISO 27001 as a practitioner for building compliant systems — not as a policy author.
Senior Individual Contributor | Director-Level Scope
Note: This role is open to exceptional senior ICs and to candidates with people leadership experience who prefer to remain primarily hands-on. People management responsibilities may be available for the right candidate but are not required.
The total cash range for this position in San Jose is $249,000.00 to $348,500.00. Employees in this role have the potential to increase their pay up to $398,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Benefits and perks
Expedia Group offers benefits and perks designed to support employees and their families, including medical, dental, and vision coverage, paid time off, an Employee Assistance Program, wellness and travel reimbursement, travel discounts, and International Airlines Travel Agent Network (IATAN) membership. Learn more about life at Expedia Group at .
Accommodation requests
Expedia Group is committed to providing an inclusive and accessible recruiting experience. If you need an accommodation or adjustment due to a disability during the application or recruiting process, please submit a request at .
About Expedia Group
Expedia Group includes three flagship consumer brands - Expedia, Hotels.com, and Vrbo - along with a leading B2B travel business and travel advertising offerings. Across our brands and business, we help travelers explore the world with confidence and ease.
Important notice
Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never share sensitive personal information unless you are confident of the recipient. Expedia Group does not extend job offers via email or messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official place to find and apply for roles is .
Equal Opportunity
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other characteristic protected by law. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.$252k - $340.9k
...and scale of hybrid attackers. For more information, visit About Vectra Vectra is the world leader in AI-driven cybersecurity, applying cutting-edge AI to detect and stop sophisticated cyberattacks across hybrid cloud, identity, and network environments....SuggestedWorldwide- ...development platforms (e.g., GitLab, GitHub), issue tracking (e.g., Jira), and QMS/eQMS systems Familiarity with medical device cybersecurity deliverables: threat modeling, cybersecurity risk assessments, vulnerability assessments and mitigations/justifications and...Suggested
$245k - $336k
...are, you’re in the right place. Who We Are In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the... ...that drives great outcomes. Job Summary As the Sr. Director of Product Partnerships, you will lead the strategic expansion...SuggestedFull timeWork at officeShift work$200k - $260k
...unveiling to the world soon. Our offices are in Emeryville and Santa Clara, California. About The Role: The Technical Manager, Cybersecurity is a hands‑on role responsible for managing the full lifecycle of enterprise cybersecurity tools, technologies, and detection capabilities...SuggestedContract workLocal areaRemote work$233k - $318k
...seeking a highly accomplished, strategic, and collaborative Senior Director of Technical Accounting to lead our technical accounting and... ...We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission...SuggestedContract workVisa sponsorshipWork visa$168k - $258.75k
...Certification or proven knowledge in ISO 26262, ISO/SAE 21434, or ISO 8800 is required. NVIDIA's evaluation now covers functional safety, cybersecurity, and AI/ML safety along with process maturity. Having expertise across different fields provides the team with great...$130k - $180k
...and works well under pressure in a fast‑paced environment. You have a passion for numbers, our organization has a passion for cybersecurity. You’re looking for a career with a more fulfilling mission. We have open positions to top talent seeking a financial challenge....Contract workWork experience placementWork at officeFlexible hours$122.5k - $175k
...part of the team that's helping to secure the AI age, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity. We are looking for a Technical Success Manager to join our team. This is a remote, Northeast (NJ, DC, NYC, MA, NC)-based...Full timeWork at officeLocal areaRemote work$141k - $229k
...of your career alongside people who are just as passionate as you are, you’re in the right place. Who We Are In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at...Full timeWork at officeShift work$130k - $180k
A cybersecurity firm in the United States seeks a motivated Technical Revenue Manager to join their Technical Revenue team. The ideal candidate will have over 5 years of experience, demonstrate critical thinking, and effectively collaborate with various teams to manage...- ...company match Paid holidays Health Care Plan (Medical, Dental, & Vision) Retirement Plan (401(k), IRA) Paid Vacation Time Training & Development Work‑From‑Home Option Wellness Resources #J-18808-Ljbffr ICE Consulting - Managed IT & Cybersecurity for Life SciencesWork from home
- ICE Consulting - Managed IT & Cybersecurity for Life Sciences is seeking a Technical Account Manager in Milpitas, California. This role focuses on developing client relationships and managing their IT support needs, requiring a strong blend of technical expertise and customer...Remote jobWork from home
$224k - $231k
...Palo Alto Foundation Medical Group is seeking an experienced Physician Assistant Director to lead Advanced Practice Clinicians (APCs) across a broad portfolio of Medical Specialties and Continuum of Care programs. This is a dynamic leadership opportunity for an APC...Local area$135k - $155k
...Senior Director of Member Engagement and Financial Wellness Senior Director of Member Engagement & Financial Wellness Come be a Difference Make r with us . We are searching for an experienced leader for the role of Senior Director of Member Engagement & Financial...Immediate startRemote work$159k - $255k
...of your career alongside people who are just as passionate as you are, you’re in the right place. Who We Are In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at...Full timeWork at office- Atomic Machines is seeking a Technical Manager, Cybersecurity to lead the detection and response program across cloud, OT/ICS, endpoint, identity, and network domains. The role combines strategic security direction with hands-on technical execution, coordinating an external...
$200k - $260k
A leading micromanufacturing technology company based in California is seeking a Technical Manager, Cybersecurity. In this role, you will oversee the full lifecycle of enterprise security tools, ensuring robust protection across various domains. You are expected to manage...$180.5k - $248.5k
Who We Are Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting‑edge equipment that helps our customers manufacture display and semiconductor...Full timeRelocation$207.9k - $272.8k
...YOUR NEXT OPPORTUNITY The Director, Treasury is a key corporate leader responsible for shaping and managing the company's investment strategy within a growing electrical contracting organization. This role oversees the selection, allocation, and performance of a diversified...Local areaShift work- ...Interim Director of Continuous Improvement About the Company Respected provider of high-quality services Industry Consumer Services Type Privately Held About the Role The Company is in need of an Interim Director of Continuous Improvement...Interim role
- ...Senior Director, Principal Gifts About the Company Philanthropic organization supporting Indigenous culture & individuals Industry Non-Profit Organization Management Type Non Profit Founded 2017 Employees 11-50 Categories...
$10k
...Location and Job Title: Senior Director of Philanthropic Engagement Jewish Silicon Valley / Addison-Penzak JCC 14855 Oka Road Suite 200 Los Gatos, CA 95032 Principal Responsibilities: Focus: Individual Major Gifts, Acquisition, and Community Connectivity. Position Summary...Work at office$282k - $419.1k
Job Description Summary: This job will lead complex projects and participate in problem resolution, driving global process improvements. You will manage key partnerships, ensuring retention and growth, and contribute to the development of partnership strategies. Essential...Work experience placementLocal areaFlexible hours- ...as we shape the future of AI and beyond. Together, we advance your career. The Role The AMD Law Department is seeking a Director of Patent Litigation to support and manage the company's defensive patent litigation team. This role will report to the Sr. Director...
- ...are seeking a dynamic and compassionate leader to guide our Dialysis Services team. Position Overview : As the Executive Director of Dialysis Services , you will oversee the administration and clinical direction of all dialysis services within our health system...Relocation package
- ...Senior Director of Capture Management About the Company Multi-billion-dollar federal service contractor serving defense, intelligence, civilian, and international markets. Industry Defense & Space Type Privately Held About the Role...For contractors
$100k - $300k
...Political Director SEIU Local 521 was founded in 2007 when 5 local unions came together in the Bay Area, Central Coast and Central Valley to form one larger, more powerful union. Together our members are building a true 21st century union fighting to empower and improve...Local areaFlexible hoursNight shiftWeekend workAfternoon shift$227.8k - $338.8k
...Director, Legal NetApp is the intelligent data infrastructure company, combining unified data storage, integrated data services, and cloud operations services to turn a world of disruption into opportunity for every customer. This role reports to the Vice President...Contract workWorldwide- ...students rise to the level of challenge they're given, you'll feel right at home here. Position Summary The AoPS Academy Campus Director at our Saratogacampus leads a vibrant, dynamic enrichment program where each day brings new opportunities to engage students,...Full timePart timeSummer workH1bLocal areaRelocation packageMonday to FridayShift workWeekend workAfternoon shift
- ...retention. Leadership Development Design and deliver leadership development programs for front line leaders, emerging leaders, managers, directors, and executives. Create scalable leadership capability models aligned with company values and growth expectations. Coach senior...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Director CyberSecurity. Be the first to apply!
- pathology director San Jose, CA
- director of reimbursement San Jose, CA
- director of public safety San Jose, CA
- director of community relations San Jose, CA
- director mba San Jose, CA
- director vendor management San Jose, CA
- director life science San Jose, CA
- director biology San Jose, CA
- director medical writing San Jose, CA
- director of executive recruiting San Jose, CA


