We're partnering with a leading global provider of vacation ownership, rental, and resort experiences, who are known for their vacation club memberships, timeshare properties, and luxury travel options across a portfolio of high-end resorts and destinations. With a strong focus on customer service, they offer flexible vacation solutions such as points-based systems and exchange programs, and operate under multiple well-known hospitality brands.
They are currently undergoing a technology transformation, with a focus on modernization to improve relationships with customers and further expand their accessibility across all experiences and destinations. The goal is to be a technology leader in hospitality, and they are looking for individuals eager to bring their expertise to the organization long-term.
Under new leadership, the team has been reinvigorated and is primed for growth across the entire Global Technology organization, including Engineering & Operations, Data Platforms & Engineering, Artificial Intelligence, Information Security, Privacy, Infrastructure, Products & Platforms, Delivery Office, and the Office of the CIO. The business intends to double its spending on technology across the organization in each of the next 3 years. This is your opportunity to be a part of the journey and drive innovation through technology adoption.
The ideal candidate is a technical security expert with deep experience in SIEM, SOAR, EDR, cloud security, and API security, along with a strong background in incident response, detection engineering, and security frameworks. This role requires someone who can architect, refine, and operationalize security processes while working closely with internal teams and external partners to improve detection, response, and threat mitigation strategies.
Key Responsibilities:
- Oversee the hybrid SOC and serve as the point of contact (POC) between in-house security teams and MSSP providers to refine detection and response capabilities.
- Architect and optimize SIEM, SOAR, and EDR solutions to ensure effective log aggregation, correlation, and automation of security workflows.
- Develop, implement, and continuously assess incident response playbooks.
- Drive threat intelligence initiatives, incorporating real-world threat actor tactics, techniques, and procedures (TTPs) into detection and response strategies.
- Leverage security automation to streamline processes, reduce manual effort, and improve response times.
- Establish and enforce security frameworks and best practices within the SOC in alignment with NIST, MITRE ATT&CK, CIS, and other relevant standards.
- Collaborate with DevOps, IT, and engineering teams to ensure security is embedded across the technology stack.
- Continuously assess and improve security tools, processes, and integrations to stay ahead of emerging threats.
Required Qualifications:
- 10+ years of hands-on experience with deep expertise in security operations (incident response, detection engineering, threat intelligence).
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- Deep expertise in SIEM, SOAR, EDR, cloud security, and security automation.
- Experience managing a hybrid SOC environment (in-house + MSSP collaboration).
- Strong knowledge of cloud security (AWS, GCP, Azure), container security (Kubernetes, Docker), and API security.
- In-depth experience with cyber threat intelligence, adversary tactics, and real-world attack detection.
- Familiarity with security frameworks and methodologies, including NIST 800-53, MITRE ATT&CK, CIS Benchmarks, and ISO 27001.
- Strong scripting and automation skills (Python, PowerShell, Terraform, or similar).
- Ability to work independently as a technical leader while collaborating across multiple teams.
Preferred Qualifications:
- Experience in the hospitality, travel, or entertainment industry.
- Certifications such as CISSP, CISM, GCFA, GCIH, AWS Security Specialty, or Kubernetes Security (CKS).
- Hands-on experience integrating MSSP threat intelligence feeds into security operations.
This role offers the opportunity to be the technical backbone of security operations, leading the charge in detection, response, and automation for a complex hybrid environment. You'll work with cutting-edge security technologies while shaping the future of security operations in a fast-paced, customer-centric industry.
Interested candidates must submit a resume with first+last name and contact information in order to be considered. This is a full-time position; applicants seeking C2C/C2H employment will not be accommodated.
