Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.
Why Join Us?
To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated, and we know that when one of us wins, we all win.
We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a global hybrid work setup (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We're building a more open world. Join us.
Penetration Tester/Ethical Hacker
Expedia Product & Technology builds innovative products, services, and tools to deliver high-quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences for the traveler and our partners that drive loyalty and customer satisfaction.
As a Penetration Tester, you will be a key member of our cybersecurity team responsible for identifying and mitigating security vulnerabilities in our systems, applications, and infrastructure. You will use your expertise in ethical hacking to simulate real-world cyberattacks and help strengthen our defenses against potential threats. Your role is essential in ensuring the security and resilience of our technology assets.
If you are passionate about cybersecurity, have a keen eye for identifying vulnerabilities, and enjoy working in a challenging and rewarding environment, we invite you to apply for the penetration testing position and become a vital part of our offensive security team. Help us ensure the security and resilience of our travel products and services while supporting ethical hacking within our bug bounty program.
In this role, you will:
Collaborate with team members to co-develop and solve security problems
Triage bug bounty issues and execute web/network/cloud penetration testing
Reach out proactively to meet peers across the environment and collaborate to solve problems
Take advantage of opportunities to build new technical expertise in a specific security area
Seek knowledge from subject matter experts when needed
Help coordinate stakeholder input and collaboration efforts when developing solutions to issues
Think broadly and understand how, why and when policies/processes are standardized and when they differ across the organization
Execute tasks and/or provide data to support implementation of holistic security solutions that forge linkages between structure, people, process and technology
Report clearly on current work status. Ask challenging questions when empowered to do so
Perform routine information security development responsibilities, following standard policies and procedures; report more difficult issues to senior associates
Experience and qualifications:
You have a bachelor's or master's degree in Cybersecurity; or equivalent related professional experience
You have 2+ years of professional experience
You have experience performing penetration tests in the context of discovering security vulnerabilities
You can demonstrate your strength in offensive security
You have proven experience in vulnerability triage and security assessments, preferably in a bug bounty or responsible disclosure program
You understand security testing and monitoring tools
You have the ability to identify and remediate OWASP Top 10 or related vulnerabilities
You possess strong knowledge of web application security, network security, and common security vulnerabilities (e.g., OWASP Top Ten)
You are familiar with various testing methodologies and tools used by security researchers
You have excellent analytical and problem-solving skills with attention to detail
You can effectively communicate and collaborate with internal and external stakeholders
Preferred: You hold knowledge of programming languages and web technologies
Preferred: You hold relevant certifications, such as OSCP or Certified Ethical Hacker (CEH)
The total cash range for this position in Seattle is $112,000.00 to $156,500.00. Employees in this role have the potential to increase their pay up to $179,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future.
Accommodation requests
If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.
We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.
Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you're confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.