Director Cybersecurity

Expedia Expedia · Hospitality · CA

Director of Security Engineering focused on building and operationalizing security platforms, controls, and services for AI and agentic systems, including LLM applications and RAG pipelines. The role involves implementing security architecture, evaluating AI security tooling, and embedding security into the AI development lifecycle at enterprise scale.

What you'd actually do

  1. Implement security architecture for LLM-based applications, RAG pipelines, and agentic AI systems — applying controls for prompt injection, model abuse, data exfiltration, and agent trust boundaries in production environments.
  2. Evaluate and operationalize AI-powered security tooling — automated threat detection, vulnerability triage, AI-driven response — from proof of concept through production operation.
  3. Embed security early in Expedia Group's AI development lifecycle, influencing model selection, fine-tuning practices, and deployment architecture through direct partnership with AI platform teams.
  4. Design, build, and operationalize reusable security platforms, shared services, and reference architectures that engineering teams consume at scale — prioritizing developer ergonomics and adoption velocity.
  5. Deliver security guardrails for infrastructure-as-code, containerized microservices, and service mesh architectures — implemented as enforceable, automated policy-as-code controls, not documentation.

Skills

Required

  • AI/ML in cybersecurity
  • LLM security
  • RAG pipeline security
  • Agentic AI system security
  • Prompt injection defense
  • Model abuse prevention
  • Data exfiltration prevention
  • Agent trust boundary implementation
  • AI security tooling evaluation
  • Automated threat detection
  • Vulnerability triage
  • AI-driven response
  • Security in AI development lifecycle
  • Model selection influence
  • Fine-tuning security practices
  • Deployment architecture security
  • Security platform design and build
  • Security guardrail implementation
  • Policy-as-code
  • Secrets management
  • Certificate lifecycle management
  • Workload identity frameworks
  • Cloud-native infrastructure security
  • SAST, DAST, SCA, ASPM, CSPM, DSPM integration
  • Security policy development
  • Compliance frameworks (PCI-DSS, SOC 2, ISO 27001, GDPR)
  • Service mesh security (mTLS, traffic policy, zero-trust)
  • AWS security controls (IAM, SCPs, GuardDuty, Security Hub, Inspector, Macie, Control Tower, Secrets Manager, KMS)
  • CSPM and DSPM program operation

Nice to have

  • AI system security research
  • novel AI security techniques

What the JD emphasized

  • execution-oriented role
  • hands-on
  • security at scale is a product problem
  • AI & Agentic System Security — Hands-On Implementation
  • Demonstrated experience applying AI and machine learning techniques within cybersecurity contexts
  • Implement security architecture for LLM-based applications, RAG pipelines, and agentic AI systems
  • Evaluate and operationalize AI-powered security tooling
  • Embed security early in Expedia Group's AI development lifecycle
  • security infrastructure, platforms, and services
  • running systems
  • operating controls
  • measurable outcomes at enterprise scale
  • systems measurably more secure

Other signals

  • AI & Agentic System Security
  • LLM-based applications
  • RAG pipelines
  • agentic AI systems
  • prompt injection
  • model abuse
  • data exfiltration
  • agent trust boundaries
  • AI-powered security tooling
  • automated threat detection
  • vulnerability triage
  • AI-driven response
  • AI development lifecycle
  • model selection
  • fine-tuning practices
  • deployment architecture