L2 Cyber Security Incident Response Analyst

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

The Cyber Security Incident Response Analyst (CSIRT Analyst) is a key player in providing detection, investigation and response to cyber security attacks and threats such as ransomware, spear-phishing, APT. This highly specialized technical subject matter expert position focuses on investigating threats and alerts within large-scale cross-platform environments, performing threat hunting and digital forensics in order to identify intrusions and effectively respond to mitigate security threats on the business.

B.skilled

This role requires technology subject matter expertise in performing hands-on technical incident response, in-depth technical investigations and Threat Hunting. It is an individual who reads logs, collects technical evidence and puts together the full picture. The ideal candidate is well plugged in the world of hacking and defense and adversary techniques, all with a hands-on keyboard perspective.
3+ years of operational security experience (SOC, Incident Response, Malware Analysis, etc.)
Bachelor's Degree OR equivalent experience and relevant certification (such as (such as CompTIA Security+, Network+, CySA+, CCNA, CCNA CyberOps, GCIH, GCIA, GCFA, GCFE, GSEC, GCED, GREM, OSCP, OSCE, and similar)
Experience working independently to detect, handle,  investigate and effectively respond to cybersecurity incidents
Ability to assess security incidents quickly and communicate/coordinate a course of action to respond to the incident, while mitigating risk and limiting the impact
Practical experience identifying adversary techniques, tactics, and procedures with enterprise security tools with a demonstrable understanding of modern attacker methodologies. 
Experience developing and maintaining operations playbooks, runbooks, and operational documentation.
Robust understanding of IT fundamentals across networking, system, cloud, virtualization platforms , application layers and advanced understanding of at least one operating system (Windows, Linux, OSX)
Excellent interpersonal and communication skills in order to share knowledge and to communicate effectively with different stakeholders (IT and business partners)
Experience with projects or issues of high complexity that require knowledge across multiple technical areas and business units.
Willingness to be on-call, work non-standard hours upon need.
Highly disciplined and motivated: a self-starter who is able to both work independently or as a member of a team
Demonstrates a Can-Do, delivery-focused and solution-oriented approach (rather than problem-oriented); Flexible, practical, and positive mindset. Is quick to adapt to changing situations.
Constantly demonstrates ownership and proactiveness in seeking to improve and optimize in anything related to their and their team’s work.

Responsible for investigating the incidents escalated by the 24/7  Cyber Security Incident Response Team
Assists the 24/7 team with triaging and investigating cybersecurity alerts raised by a wide variety of security tools like: SOAR, EDR, XDR, IPS/IDS, SIEM, Sandbox, Cloud security  and Email Security
Coordinates escalation, response, resolution, and reporting of cybersecurity incidents
Performs technical investigation on complex security incidents to achieve efficient mitigation for active threats and identification of the root cause.
Performs quality hands-on technical incident response, log analysis, and threat hunting.
Collaborates on various departmental projects that help the organization improve its cyber security posture and achieve its mission/objectives
Collaborates with different CDR stakeholders and vendors to remediate any identified gaps
Monitors the 24/7 team KPIs and generate detailed metric reports when needed
Masters and uses CSIRT’s playbooks, runbooks, workflows, operational documentation, and processes. Contributes to the writing and maintenance of all such documents. 
Looks for opportunities to improve documentation and standardization of CSIRT processes
Owns and delivers on assigned projects (often around improvements to detections, processes and playbooks) while balancing execution and deliveries with operations and IR workload; Supports other team members in projects.
Drives continuous improvements of our detection and response capabilities quality and efficiency by identifying and owning improvement areas in the technology, methods, processes (including opportunities around detection tuning and automation). 
Works on shifts covering 16/5 (Monday to Friday, 7 AM - 10 PM)
Offers on-call support during the nights, weekends and public holidays

Benefits:

Health insurance (Signal Iduna)
Prepaid medical subscription (Regina Maria)
Meal vouchers (20 RON/ticket)
25 days annual leave
Birthday day off
Work-from-home allowance
Home office one-time bonus
Summer break
Gym subscription