Cybersecurity Operation Engineer

Why Wyndham?

By joining Wyndham Hotels & Resorts, you will play an integral role in our mission to make hotel travel possible for all. You’ll be part of the largest hotel franchise company in the world, where we strive to deliver the best value to our owners and guests. Most importantly, you’ll be entrusted to live our unique Count on Me culture, set by our core values of integrity, accountability, inclusive, caring and fun. At Wyndham, we provide all team members the opportunity to grow through best-in-class training and career development, leadership training, mentorship opportunities and educational support.  Supporting our team members is a top priority, which is why we offer competitive compensation and benefits, vacation, team member appreciation days, workplace flexibility and much more.  At Wyndham Hotels & Resorts, we value and embrace a culture of diversity, equity and inclusion that supports team members of all backgrounds and experiences. We can’t wait to welcome you!

The Role

Wyndham Hotels & Resorts is seeking a Cybersecurity Operations Engineer to join the Information Security team and serve as a core member of the Security Operations Center (SOC). This is a technically broad role anchored in security monitoring and incident response, with meaningful exposure across vulnerability management, cloud security, application security, and threat hunting. The engineer will work across a modern, multi-platform security environment and is expected to develop a working familiarity with the full Wyndham cybersecurity tool stack rather than deep ownership of any single platform.
As a member of the Cybersecurity Operations Team, this role will monitor, triage, and respond to security events across the enterprise, execute incident response activities, and maintain and tune security tooling to keep detections effective and false positive rates low. The role works closely with various teams on escalations and cross-functional initiatives, and collaborates across IT, business, and other information security teams.
The ideal candidate brings 1-3 years of hands-on experience in a security operations or engineering capacity, combined with the curiosity and technical range to grow across cybersecurity disciplines. Clear communication skills are essential, as the engineer will regularly interface with both technical peers and non-technical stakeholders during active security events and day-to-day operations.

What you'll do

• Monitor, triage, and investigate security alerts generated across the enterprise tool stack, including SIEM, EDR/XDR, SaaS, cloud and network security platforms. Escalate complex or high-severity events to other teams and senior team members with clear, actionable documentation. Maintain daily ownership of the security event queue, including log analysis, alert management, and disposition tracking. Participate in an on-call rotation to provide after-hours coverage for critical security events.
• Configure, tune, and maintain cybersecurity platforms including EDR, SIEM, log management, SWG, CASB, and other platform tools. Provide Level 1 application support for all security tools under the Cybersecurity Operations Center’s management. Maintain working familiarity with cloud and application security platforms to support cross-functional workflows and escalations.
• Create and maintain security operations documentation including incident playbooks, standard operating procedures, and triage runbooks. Contribute to process improvement efforts by identifying gaps in current workflows and recommending practical solutions. Collect, track, and report on security metrics across managed platforms to support leadership visibility and program improvement.
• Collaborate with other cybersecurity teams to ensure consistent detection coverage and response capability across domains. Participate in cross-training with other SOC engineers to maintain shared proficiency across all security tools and processes. Build and maintain working relationships with peer teams to support coordinated response to cross-functional security issues.
• Support information security governance activities by providing evidence and documentation for internal audits, compliance assessments, and regulatory reviews. Assist in enforcing security policies and standards across cybersecurity-managed systems and tools. Identify and flag deviations from established security baselines and escalate where remediation is required.
• Support vendor evaluations and proof-of-concept assessments for new security technologies.
• Assist with development of security awareness training content.
• Devise methods to automate security operational tasks or streamline triage processes where applicable.
• Perform or support activities such as penetration testing exposure reviews or secure code assessments when specialized coverage is needed.

You'll be successful if you have

• Exposure to or genuine curiosity about adjacent cybersecurity disciplines including application security, cloud security, and SaaS security. 
• Familiarity with cloud security concepts and how they apply to a hybrid enterprise environment. Prior exposure to AWS, Azure, or GCP security tooling is a
• plus. 
  Awareness of AI and emerging technology security risks, including exposure to AI platforms, large language models (LLMs), and concepts such as MCP security. 
• Experience with scripting or automation. Candidates who use code to solve operational problems, not just those who can write it, are strongly preferred.
• Strong analytical instincts. Able to connect dots across disparate data sources, think through attacker behavior, and move from raw alert data to a clear conclusion.
• Clear and direct communicator. Comfortable translating technical findings into plain language for non-technical stakeholders, and equally comfortable discussing details with engineering peers. 
• Self-starter with the ability to manage individual workstreams independently while contributing effectively within a team. Comfortable operating with ambiguity and taking initiative when a clear path forward is not defined. 
• Genuine passion for cybersecurity. Someone who follows threat research, tracks industry news, tinkers in home labs, or pursues certifications on their own time.

Required Qualifications/Experience

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field; or equivalent hands-on experience. 1–3 years in a cybersecurity role is preferred.
• Demonstrated experience in security monitoring, alert triage, and incident response, including familiarity with the full incident response lifecycle from detection through post-incident review. 
• Working knowledge of core security technologies including SIEM, EDR/XDR, SaaS, firewalls, content filtering, data loss prevention, endpoint protection, and log collection and analysis. 
• Strong understanding of network protocols and application layer services.
• Familiarity with enterprise security platforms is a strong advantage, including but not limited to SentinelOne, Cribl, Zscaler, Netskope, Akamai, Firemon, Obsidian, Orca, Rapid7, Checkmarx, Tenable, and Intezer, to name a few.