Senior Director, Product Security Engineering & Architecture

About the position

Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success. The Senior Director Product Security and Architecture at Expedia Group falls within our Enterprise Technology, Security & Privacy (ETSP) organization. We ensure EG is realizing business value through technology - technology that is secure, trusted and scales efficiently to the needs of the company - all for delivering great experiences for our employees, travelers, and partners.

Responsibilities

• Lead a high-performing global team of 50+ security architects and engineers, fostering a culture of innovation, continuous improvement, and excellence.
• Provide strategic direction and leadership in product security, architecture design, secure coding practices, security tooling and identifying emerging security threats.
• Evaluate, deploy, and manage advanced security platforms such as CNAP (Cloud-Native Application Protection), DSPM (Data Security Posture Management), ASPM (Application Security Posture Management), and similar tools.
• Drive security automation and implement modern tooling (e.g., SAST, DAST, IAST) to enable rapid and secure development processes.
• Collaborate cross-functionally with product management, software development, infrastructure, and legal teams to ensure products meet security, privacy compliance, and regulatory standards.

Requirements

• Bachelor's or master's degree in computer science, Information Security, or related field.
• 10+ years of progressive experience in security architecture and engineering, with at least 5 years in senior leadership roles at large-scale technology organizations.
• Proven security leader with extensive experience in product security, software security architecture, secure coding practices, and threat modeling with a deep understanding of cloud-based technologies, microservices architecture, APIs, container security, and modern CI/CD pipelines.
• Familiar with emerging technologies (such as Generative AI) and their security implications.
• Knowledgeable of regulatory frameworks and compliance standards (e.g., GDPR, PCI-DSS, SOX, ISO27001, NIST).
• Experience working in highly technological and innovative environments, with demonstrated ability to integrate cutting-edge security practices and tools such as CNAP, DSPM, and ASPM.

Benefits

• Exciting travel perks
• Generous time-off
• Parental leave
• Flexible work model
• Career development resources
• Medical/dental/vision insurance
• Paid time off
• Employee Assistance Program
• Wellness & travel reimbursement
• Travel discounts
• International Airlines Travel Agent (IATAN) membership