At Expedia Group, we help travelers explore the world, one journey at a time. As a global travel company powered by passionate people, trusted partnerships, and leading technology, we connect travelers, partners, and advertisers through our consumer brands, B2B network, and travel advertising business.
Here, you'll do meaningful work that helps millions of people discover, book, and experience travel with more ease, confidence, and joy. Our five Behaviors-Traveler First, Think Big, Operate with Excellence, Ownership Mindset, and Succeed Together-help foster a supportive environment where people can grow their careers and have the flexibility, benefits, and support to do their best work. Join us and build for travelers everywhere.
Introduction to the Team:
We are part of the Cyber defense organisation, focused on detecting, analyzing and responding to security threats across the enterprise. Our mission is to proactively identify adversary behavior, strengthen detection capabilities and improve overall security posture.
In this role, you will:
Assist in building and tuning detection rules across SIEM and related monitoring platforms by translating raw telemetry into actionable alerts and improving detection quality over time.
Develop and maintain correlation rules and detection use cases based on known attack patterns, and map detections to frameworks such as MITRE ATT&CK to improve visibility into attacker tactics, techniques, and procedures.
Analyze logs and security telemetry across endpoints, networks, cloud platforms, identity systems, and applications to identify suspicious patterns, coverage gaps, and opportunities to reduce false positives.
Document detection logic, testing outcomes, use cases, and response workflows, and contribute to the detection engineering lifecycle from ideation and development through testing, validation, and tuning.
Collaborate with SOC, incident response, and threat intelligence partners to improve alert fidelity, support investigations, and feed lessons learned back into future detection content and automation.
Support automated workflows and safely integrate and operate AI/ML-enabled solutions that improve outcomes, such as behavioral baselining, anomaly identification, and alert prioritization; demonstrate familiarity with AI-driven systems, tools, or workflows and applying AI/ML concepts to real world products.
Experience and Qualifications:
Minimum Qualifications:
Bachelor’s degree in Computer Science, Cybersecurity or related field (or equivalent experience).
0–2 years of experience in Security Operations, SOC or related domain
Experience designing, implementing, and operating security-related services or components (such as authentication/authorization, secrets management, encryption, or security monitoring) with clear ownership for the reliability, performance, and security of those services.
Understanding of security frameworks such as MITRE, Cyber Kill Chain
Familiarity with SIEM platforms (e.g. Splunk, Sentinel, QRadar), SOAR platforms and automation concept, Log analysis (authentication logs, network logs, endpoint telemetry)
Exposure to detection rule creation and tuning, correlation logic and alert engineering and basic scripting (Python, PowerShell or similar)
Understanding of network fundamentals (DNS, HTTP, TCP/IP), common attack techniques (phishing, credential theft, lateral movement), defense-in-depth principles
Preferred Qualifications:
Exposure to threat intelligence concepts
Practical experience integrating or securing AI/ML-enabled systems, such as protecting data pipelines, securing model endpoints, or using AI-driven tools to enhance threat detection and response, while safely integrating and operating AI/ML‑enabled solutions that improve outcomes.
Depth in at least one security specialization (such as cloud security, application security, identity and access management, endpoint security, or security automation) combined with the ability to work effectively across multiple technical domains.
Familiarity with AI-driven systems, tools, or workflows and applying AI/ML concepts to real world products to enhance security capabilities, such as automated risk analysis, intelligent anomaly detection, or adaptive access controls.
Accommodation requests
Expedia Group is committed to providing an inclusive and accessible recruiting experience. If you need an accommodation or adjustment due to a disability during the application or recruiting process, please submit a request at https://expedia.service-now.com/askeg?id=job_accommodation.
About Expedia Group
Expedia Group includes three flagship consumer brands - Expedia, Hotels.com, and Vrbo - along with a leading B2B travel business and travel advertising offerings. Across our brands and business, we help travelers explore the world with confidence and ease.
Important notice
Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never share sensitive personal information unless you are confident of the recipient. Expedia Group does not extend job offers via email or messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official place to find and apply for roles is https://careers.expediagroup.com/jobs/.
Equal Opportunity
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.