Senior Product Security Architect at Expedia

Senior Product Security Architect at Expedia

The Product Security Architecture team partners with product, engineering, and platform teams to ensure security and privacy are built into Expedia Group products by design, from ideation through operations. We enable our business partners to build resilient, future-ready solutions that advance Expedia Group’s security posture and operational velocity.

We focus on secure-by-design product architecture, security assessments, threat modeling, and continuous verification of security requirements across our business products and platforms.

You will join a small, senior team of hands-on product security architects who work across domains and technologies, helping teams make pragmatic security decisions that enable innovation at scale.

In this role, you will:

• Serve as a trusted product security architecture advisor to product, engineering, and platform teams, helping them design secure, highly available, and privacy-aware products and services.

• Lead and facilitate threat modeling and security assessments for new and evolving products, services, and platforms, translating findings into clear, actionable recommendations.

• Partner closely with product and engineering leaders to embed security requirements into product roadmaps, design reviews, and delivery processes without slowing down innovation.

• Provide thought leadership around enabling and applying AI across the Product Security org.

• Be a change agent influencing and scaling the adoption of AI-enabled security tooling and best practices across the product security organization.

• Drive continuous verification of product security controls and requirements through AI-enabled automation and integration with existing product security tooling.

• Communicate complex product security and architecture trade-offs in a clear, outcome-focused way to both technical and non-technical stakeholders, from senior ICs to senior leadership.

• Mentor and coach product managers, engineers, and architects to raise the bar on product security literacy and design thinking across the organization.

• Contribute to the broader Expedia Group security strategy by identifying emerging product security risks and technology trends and proposing pragmatic, long-term architecture approaches.

• Contribute to creating a culture of continuous learning, data-driven decisions, and improvements.

• Collaborate across IT and Information Security teams to ensure end to end coverage across the product lifecycle – from concept and design through build, launch and operations.

Minimum Qualifications

• Bachelor’s degree in Computer Science or a related technical field; or equivalent related professional experience.

• 10+ years of product security and development experience

• Extensive experience performing application threat modeling

• Extensive experience conducting architecture reviews to find and evaluate application and infrastructure security risks

• Significant experience in the last several years applying Generative AI in software development and for end users, ideally in the context of a medium or large enterprise.

• Deep understanding of modern product development practices and CI/CD and how AI can change and improve these practices to increase both quality and velocity.

• Familiarity with ‘agentic’ architectures including SDKs, context engineering, MCPs, authorization.

Preferred Qualifications:

• Expertise in public cloud platforms (AWS is preferred), containerization and orchestration (Kubernetes, Docker), and related technologies.

• Excellent communication and collaboration skills, with the ability to work effectively with both technical and non-technical stakeholders.

• Track record of setting and evolving security architecture standards, patterns, and guardrails for complex, multi-tenant or multi-domain platforms, and driving their adoption across diverse engineering teams.

• Experience operating product security at scale in cloud-native environments (such as large microservices architectures), including secure service-to-service communication, token-based auth, and secret and certificate management.

• Deep experience conducting and scaling threat modeling, security design reviews, and architecture risk assessments, and using insights to shape platform capabilities, reusable controls, and security automation.

• Familiarity with AI-driven systems, tools, or workflows and applying AI/ML concepts to real world products, including leveraging AI/ML‑enabled code analysis, anomaly detection, or security automation; safely integrates and operates AI/ML‑enabled solutions that improve security posture, detection, and response.

• Demonstrated experience taking products from concept to scaled adoption by partnering with product and engineering leadership to embed security requirements into product vision, architecture, and roadmaps, and to measure and report on security outcomes.

The total cash range for this position in Austin is $184,500.00 to $258,000.00. Employees in this role have the potential to increase their pay up to $295,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.

Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership. View our full list of benefits.

Accommodation requests

If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.

We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.

Expedia Group’s family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee’s I-9 to confirm work authorization.