Security Engineer - Detection & Response

Employer: Booking Holdings
  • Engineering
  • IT Hardware
  • IT Software
  • Job type: full-time
  • Job level: 1 - 5 years of experience
  • Buzau
  • Ilfov
  • Updated at: 22.03.2023
  • Job remote: On-site
    Short company description

    Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

    As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six primary consumer-facing brands: Priceline, Agoda, KAYAK, OpenTable and


    The role of Security Engineer - Detection & Response is to build, maintain and constantly improve the efficiency and coverage of the Cyber Detection & Response capabilities.
    This role focuses on implementing detection use cases in priority order (obtaining the required observability, pipelines, correlation, enrichment and automation, and building the underlying integrations and solutions they require) and making them available to Security Monitoring and Incident Response.
    The second focus is to use the engineering toolbox to closely support any need of the CSIRT/SOC teams for automation and response orchestration tools.


    Bachelor's degree or equivalent experience, plus a specialized diploma (relevant certifications); broad job knowledge (3 - 5 years).
    Has practical experience and expert knowledge (technical and procedural) in cyber threat detection & incident response, SIEM/SOAR/XDR.
    Has experience and practical knowledge of modern attacker methodologies and of identifying adversary tactics, techniques and procedures using enterprise security tools.
    Understanding of security control frameworks such as MITRE ATT&CK, NIST CSF, PCI DSS, SOX, GDPR, ISO 2700X, etc.
    Scripting and automation experience (including Python, Bash, Git CI/CD, Puppet/Ansible).
    Experience with Elasticsearch/Kibana and knowledge of Query DSL and EQL.
    SecDevOps experience.
    Has knowledge and practical experience with modern compute platforms such as cloud and containers.
    Robust understanding of IT fundamentals across networking, systems, cloud, virtualization platforms and application layers, and advanced understanding of at least one operating system (Windows, Linux, OSX).



    System Engineering

    Uses highly specialized domain knowledge, software development knowledge and analytical skills to define the requirements and technical designs for, and to implement, the CDR software systems and applications.
    Performs the testing and the required modification of the CDR software systems and applications.

    Detection Engineering

    Implements cyber threat detection use cases in priority order.
    Responsible for researching and defining the technical methods used to implement the detection use cases hands-on.
    Puts in place the required observability, pipelines, correlation rules, enrichment and automation, and builds the underlying integrations and solutions they require.
    Uses stakeholder management and communication skills to illustrate the business impact of technical requirements and to navigate upstream teams and the stakeholder landscape to get the dependencies implemented.
    Constantly optimizes alert precision and proactively strives for further optimization.
    Constantly assures the availability and reliability of the detection use case alerts for the Security Monitoring and Incident Response services.

    Ongoing Testing, Maintenance & SecDevOps

    Responsible for constantly and proactively testing, maintaining, improving, tuning and fixing any detection use cases, alerting rules, integrations, automation, orchestrated playbooks, enrichments and SOAR applications.
    Responsible for assuring the SOC/CSIRT pipeline and urgently fixing it in case of any problems.
    Responsible for the technical availability, effectiveness, quality and resilience of all the tooling, technology and detection engineering used by the SOC/CSIRT teams.

    Engineering the Security Monitoring and Incident Response

    Proactively seeks to identify opportunities and implements engineering solutions that achieve efficiency gains in Security Monitoring and IR, for example: automation of manual IR activities, creating response orchestration playbooks, creating and maintaining integrations, tuning alerts and systems, automatic field enrichment, etc.

    Supports and delivers CDR services

    Responsible for implementing the CDR engineering backlog items set by CDR product management.
    Acts as Subject Matter Expert (SME) for all aspects of detection and response, SIEM, XDR, SOC and SOAR technology and processes.
    Participates in security assurance assessments such as purple team, red team, attack path mapping, etc.
    Supports any compliance and maturity assessment (such as NIST, PCI, SOX): provides answers with evidence and creates documentation for that purpose if needed.
    Supports IR teams as SME when needed.
    Understands the world of threats, hacking and attacker methodologies.
    Codes and builds scripts.
    Responsible for documenting all work related to detection & response engineering.
    Participates in the CDR Engineering on-call rota (24/7 response to critical issues/outages).

    Other info

    Health insurance (Signal Iduna)
    Prepaid medical subscription (Regina Maria)
    Meal vouchers (20 RON/ticket)
    25 days annual leave
    Birthday day off
    Work-from-home allowance
    Home office one-time bonus
    Summer break
    Gym subscription