Cloud Security Engineer II (AWS, SecOps)

The Tripadvisor Group connects people to experiences worth sharing, and aims to be the world’s most trusted source for travel and experiences. We leverage our brands, technology, and capabilities to connect our global audience with partners through rich content, travel guidance, and two-sided marketplaces for experiences, accommodations, restaurants, and other travel categories. The subsidiaries of Tripadvisor, Inc. (Nasdaq: TRIP), include a portfolio of travel brands and businesses, including Tripadvisor, Viator, and TheFork.

We are looking for a hands-on Cloud Security Engineer II (AWS, SecOps) to be the first line of defense for the Tripadvisor Experiences platform. This is a critical mid-level role that blends proactive security engineering with reactive incident response. You will live and breathe in our product's cloud environment, monitoring for threats, responding to security incidents, automating defenses, and working closely with our engineering teams to build a more resilient platform.

• Monitor, analyze, and investigate security alerts originating from our AWS infrastructure, application logs, and security tooling (WAF, SIEM, Cloud-Native tools).
• Respond to security incidents that directly impact the Tripadvisor Experiences application, such as potential data breaches, application-layer attacks, or infrastructure compromises.
• Triage vulnerabilities reported through our bug bounty program and other external sources.

• Build and maintain security monitoring and alerting capabilities within our production environment.
• Automate security operations tasks using scripting languages like Python or Go to improve our detection and response times.
• Configure, tune, and help manage security tools like our Web Application Firewall (WAF), AWS GuardDuty, and Security Hub.

• Operationalize findings from application security tools (SAST, DAST, SCA) by working with engineering teams to prioritize and remediate vulnerabilities in our codebase and dependencies.
• Conduct threat modeling for new features to identify and mitigate risks before they reach production.
• Collaborate with engineering teams and provide guidance on secure coding practices and architecture.

• AWS Security Operations: Hands-on experience securing a production environment in AWS. You must be comfortable with its core security services (e.g., GuardDuty, Security Hub, WAF, CloudTrail).
• AWS Cloud Infrastructure: A good understanding of core AWS services beyond just security tools (e.g., VPC networking, EC2, RDS, S3, Lambda, EKS). You must be capable of understanding and spinning up a full infrastructure stack to effectively secure it.
• Infrastructure as Code: Proficiency with Terraform for managing and securing cloud infrastructure. You should be able to read, write, and review Terraform code, ensuring that the infrastructure you define is secure by design.
• Incident Response: Proven experience with the full lifecycle of security incidents, from initial detection and analysis to containment, remediation, and post-mortem.
• Scripting for Automation: Proficiency in at least one scripting language (e.g., Python, Go, Bash) to automate security operations and analysis tasks.
• Application Security Fundamentals: A solid understanding of common web application vulnerabilities (OWASP Top 10) and how to defend against them.
• Demonstrated ability to use AI tools to improve efficiency, quality, and decision-making in day-to-day work.
• Proven ability to operate effectively with a global-first mindset.

We exist to create value for our customer, the traveler. We enable our suppliers and partners to unlock this value. Their collective behaviors and insights are what drives us. 

We act fast, experiment, learn from failure, iterate, and improve the solutions of tomorrow across every aspect of our business. Our execution is agile, data-driven, prioritised, and built to scale. We assume no problem is someone else’s problem and finish what can be done today, knowing tomorrow will bring fresh challenges. 

The best outcomes are driven by empathic, humble, and diverse subject matter experts working toward shared goals. We collaborate relentlessly, challenge assumptions, give actionable feedback, and set each other up for success through empowered teams with a clear charter. We transparently take ownership of our growth, individually and as a team. We celebrate the quality of our effort, our learnings, and our collective achievements.

Discover more in our Tech Blog, for an inside look into some of our exciting and ground-breaking technical projects across the Tripadvisor Group.

Tripadvisor Group also champions the unique identities, abilities, and experiences of all our people – employees, customers, and partners. This stems from our belief in the transformative power of travel, dining, and experiences to connect us and open doors to worlds very different from our own. Our ED&I strategy shapes how we approach our people, culture, business, and reputation. Tripadvisor Group strives to embed inclusion and belonging across all our brands. 

Tripadvisor is firmly and passionately an equal opportunity employer. All applicants will receive consideration for employment without regard to race, colour, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. 

We strive to create an accessible and inclusive experience for all candidates. If you need a reasonable accommodation during the application or the recruiting process, please make sure to reach out to your individual recruiter or our team at AccessibleRecruiting@tripadvisor.com.

If you have any additional questions about careers at Tripadvisor you can email us at recruitment@tripadvisor.com. We have all the answers!

#LI-AMCVAY

#LI-Hybrid

#LI-Remote