Product Security Architect III

Product Security Architect III

Our Technology Team partners with teams across Expedia Group to create innovative products, services, and tools to deliver high‑quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction. The Product Security Architecture team partners with product, engineering, and platform teams to ensure security and privacy are built into Expedia Group products by design, from ideation through operations.

We enable our business partners to build resilient, future‑ready solutions that advance Expedia Group’s security posture and operational velocity. We focus on secure‑by‑design product architecture, security assessments, threat modeling, and continuous verification of security requirements across our business products and platforms. You will join a small, senior team of hands‑on product security architects who work across domains and technologies, helping teams make pragmatic security decisions that enable innovation at scale.

• Define and evolve security architecture patterns, standards, and reference designs that enable secure‑by‑design product development across multiple platforms and services.
• Partner with product, engineering, and infrastructure teams to design secure system architectures, including API design, low‑level design (LLD), and data models that protect customer and partner data.
• Lead threat modeling, security design reviews, and risk assessments for complex product initiatives, translating security requirements into actionable engineering guidance.
• Provide technical leadership on application security controls (authentication, authorization, encryption, key management, secrets handling) and drive their consistent adoption across domains.
• Guide teams in safely integrating and operating AI/ML‑enabled and AI‑driven solutions, tools, or workflows that improve security and product outcomes, including applying AI/ML concepts to real‑world products.
• Influence roadmap and technical decision‑making by aligning product security architecture with business objectives, regulatory needs, and operational constraints across multiple product areas.

• Bachelor’s degree in Computer Science or a related technical field; or Equivalent related professional experience.
• 5+ years of relevant professional experience.
• Experience in product or application security with hands‑on involvement in designing secure architectures for services, APIs, and data models within complex, distributed systems.
• Proven ownership of security architecture for a significant product area, service group, or domain, including driving security requirements from design through implementation.
• Strong technical depth in security fundamentals such as secure software development practices, identity and access management, cryptography usage, and cloud‑native security controls, including familiarity with AI‑driven systems, tools, or workflows and applying AI/ML concepts to real world products.

• Advanced experience defining and implementing security architecture patterns at scale for multi‑service or domain‑wide product ecosystems in a cloud‑native environment.
• Track record of leading security architecture for complex, highly available, and high‑throughput systems, including data‑intensive and API‑centric products, with a focus on operational excellence and resiliency.
• Demonstrated ability to drive secure‑by‑design practices across engineering teams, including formal threat modeling, security design reviews, and integration of security automation into CI/CD pipelines, telemetry, and monitoring.
• Experience designing and governing security controls for AI/ML‑enabled and AI‑driven products or platforms, including model security, data protection, responsible use of AI in production systems, and safely integrating and operating AI/ML‑enabled solutions that improve outcomes.
• Deep expertise in applying data‑driven approaches (such as security metrics, risk scores, and telemetry) to prioritize…