Security Operations Analyst II – Security Compliance Center

Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.

Why Join Us?

To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win.

We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.

Security Operations Analyst II – Security Compliance Center

What you'll do:

• Support execution of security compliance and IT audit activities by coordinating evidence collection, tracking requests, and ensuring timely responses to internal and external stakeholders.

• Work with partners across technology and business teams to maintain compliance with frameworks such as PCI DSS, SOC 2, NIST CSF, ISO 27001, or similar standards, ensuring accurate and complete control documentation.

• Use workflow tools such as Jira or similar ticketing systems to manage evidence queues, SLAs, and task assignments, maintaining clear status updates and follow‑through on deadlines.

• Document security, compliance, and IT operational processes, controls, and procedures in a clear, structured, and audit‑ready manner, contributing to a consistent control library.

• Review submitted artifacts to identify inconsistencies, control gaps, or missing evidence, escalating issues appropriately and collaborating with technical and non‑technical teams to drive resolution.

• Apply foundational understanding of security concepts (for example, authentication, encryption, logging/monitoring, and network fundamentals) and familiarity with AI‑driven systems, tools, or workflows to support compliance reviews and help safely integrate and operate AI/ML‑enabled solutions that improve outcomes.

Who you are:

Minimum Qualifications:

• Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience in security operations or security compliance.

• 2–4 years of experience in security operations, security compliance, or a related security engineering function supporting production environments or services.

• Hands‑on experience working with security operations or compliance tooling (such as SIEM, CSPM, compliance centers, ticketing systems, or evidence repositories) to monitor controls, investigate issues, and maintain compliance records.

• Demonstrated ability to follow and improve operational runbooks and standard operating procedures for alert handling, evidence collection, and escalation across multiple services or domains.

• Familiarity with AI‑driven systems, tools, or workflows and applying AI/ML concepts to real world products, particularly in the context of security monitoring, compliance automation, or analytics.

Preferred Qualifications:

• Security certifications relevant to operations or compliance (for example, Security+, ISO 27001 implementer/auditor, or similar) supporting work with regulated or audited environments.

• Experience operating security compliance or security operations functions at scale across multiple products, services, or cloud environments, including tuning alerts, optimizing dashboards, and driving improvements based on data.

• Proven ability to partner with engineering, product, and audit teams to design and implement durable remediation plans, improve control coverage, and enhance end‑to‑end compliance workflows.

• Strong proficiency with scripting, automation, or security tooling integrations to improve operational efficiency, support data‑driven decision making, and safely integrate and operate AI/ML‑enabled solutions that improve detection, response, or compliance accuracy.

• Familiarity with AI‑driven systems, tools, or workflows and applying AI/ML concepts to real world products, including using AI‑assisted analytics or knowledge tools to accelerate investigations and scale security compliance center operations.

Accommodation requests

If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.

We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.

Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.