Wyndham Hotels & Resorts is the world’s largest hotel franchising company, and they are seeking a Cybersecurity Operations Engineer to join their Information Security team. The role involves monitoring, triaging, and responding to security events across the enterprise, while also executing incident response activities and maintaining security tooling.
Monitor, triage, and investigate security alerts generated across the enterprise tool stack, including SIEM, EDR/XDR, SaaS, cloud and network security platforms
Escalate complex or high-severity events to other teams and senior team members with clear, actionable documentation
Maintain daily ownership of the security event queue, including log analysis, alert management, and disposition tracking
Participate in an on-call rotation to provide after-hours coverage for critical security events
Configure, tune, and maintain cybersecurity platforms including EDR, SIEM, log management, SWG, CASB, and other platform tools
Provide Level 1 application support for all security tools under the Cybersecurity Operations Center’s management
Maintain working familiarity with cloud and application security platforms to support cross-functional workflows and escalations
Create and maintain security operations documentation including incident playbooks, standard operating procedures, and triage runbooks
Contribute to process improvement efforts by identifying gaps in current workflows and recommending practical solutions
Collect, track, and report on security metrics across managed platforms to support leadership visibility and program improvement
Collaborate with other cybersecurity teams to ensure consistent detection coverage and response capability across domains
Participate in cross-training with other SOC engineers to maintain shared proficiency across all security tools and processes
Build and maintain working relationships with peer teams to support coordinated response to cross-functional security issues
Support information security governance activities by providing evidence and documentation for internal audits, compliance assessments, and regulatory reviews
Assist in enforcing security policies and standards across cybersecurity-managed systems and tools
Identify and flag deviations from established security baselines and escalate where remediation is required
Support vendor evaluations and proof-of-concept assessments for new security technologies
Assist with development of security awareness training content
Devise methods to automate security operational tasks or streamline triage processes where applicable
Perform or support activities such as penetration testing exposure reviews or secure code assessments when specialized coverage is needed
Qualifications
Required
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field; or equivalent hands-on experience
1–3 years in a cybersecurity role is preferred
Demonstrated experience in security monitoring, alert triage, and incident response, including familiarity with the full incident response lifecycle from detection through post-incident review
Working knowledge of core security technologies including SIEM, EDR/XDR, SaaS, firewalls, content filtering, data loss prevention, endpoint protection, and log collection and analysis
Strong understanding of network protocols and application layer services
Familiarity with enterprise security platforms is a strong advantage, including but not limited to SentinelOne, Cribl, Zscaler, Netskope, Akamai, Firemon, Obsidian, Orca, Rapid7, Checkmarx, Tenable, and Intezer
Preferred
Exposure to or genuine curiosity about adjacent cybersecurity disciplines including application security, cloud security, and SaaS security
Familiarity with cloud security concepts and how they apply to a hybrid enterprise environment
Prior exposure to AWS, Azure, or GCP security tooling is a plus
Awareness of AI and emerging technology security risks, including exposure to AI platforms, large language models (LLMs), and concepts such as MCP security
Experience with scripting or automation. Candidates who use code to solve operational problems, not just those who can write it, are strongly preferred
Strong analytical instincts. Able to connect dots across disparate data sources, think through attacker behavior, and move from raw alert data to a clear conclusion
Clear and direct communicator. Comfortable translating technical findings into plain language for non-technical stakeholders, and equally comfortable discussing details with engineering peers
Self-starter with the ability to manage individual workstreams independently while contributing effectively within a team
Comfortable operating with ambiguity and taking initiative when a clear path forward is not defined
Genuine passion for cybersecurity. Someone who follows threat research, tracks industry news, tinkers in home labs, or pursues certifications on their own time
Benefits
Health insurance with HSA and FSA options
Dental insurance
Vision insurance
Life/AD&D insurance
Short- and Long-Term Disability coverage
401(k) with generous company match
Vacation time: Accrue 1.615 hours of paid vacation per week
Paid holidays: 11 Core Scheduled Paid Holidays with potential additional paid days off as business operations and the calendar permit (e.g., in 2026, there are an additional 7 days of paid company closure).
Paid sick leave accrued as state and local laws require
Additional paid time off in the form of one volunteer day, bereavement time, as well as jury duty time.
Wyndham Hotels & Resorts is the world's largest hotel franchisor by number of properties.
Glassdoor
3.7
Founded in 2018
Parsippany, New Jersey, USA
1001-5000 employees
https://corporate.wyndhamhotels.com/