L2 Cyber Security Incident Response Analyst & Team Leader

Employer: Booking Holdings
  • Other
  • Job type: full-time
  • Job level: 1 - 5 years of experience
  • Updated on: 21.03.2023
  • Remote work: On-site
    Short company description

    Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

    As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.


    We are looking for a highly skilled L2 CSIRT Analyst & Team Lead to join our rapidly growing 24/7 Cyber Security Incident Response Team. This highly specialized technical subject matter expert position combines managing and leading a small group of cybersecurity analysts with hands-on investigation of threats and alerts within large-scale cross-platform environments, performing threat hunting and digital forensics in order to identify intrusions and respond effectively to mitigate security threats to the business.
    The Booking Holdings Cyber Detection & Response Group (“CDR”) provides top-of-the-line cyber defense services and capabilities across the Booking Holdings group.
    In the Cyber Detection & Response group we use the best tooling and most advanced technologies, hire top talent and are always up to date with the most innovative methodologies for cyber defense.
    We believe that the passion and talent of our people is our strength – it is what drives us towards outstanding performance. We offer a dynamic, motivating and sophisticated work environment. We are eager to give everyone the opportunity to learn and develop skills in a truly world-leading security practice. Our culture is open, innovative and performance oriented.



    This role requires technology subject matter expertise in performing hands-on technical incident response, in-depth technical investigations and threat hunting. It is an individual who reads logs, collects technical evidence and puts together the full picture. The ideal candidate is well plugged into the world of hacking, defense and adversary techniques, all from a hands-on-keyboard perspective.
    • 3+ years of operational security experience (SOC, Incident Response, Malware Analysis, etc.)
    • Bachelor's Degree OR equivalent experience and relevant certification (such as CompTIA Security+, Network+, CySA+, CCNA, CCNA CyberOps, GCIH, GCIA, GCFA, GCFE, GSEC, GCED, GREM, OSCP, OSCE, and similar)
    • Experience working independently to detect, handle, investigate and effectively respond to cybersecurity incidents
    • Ability to assess security incidents quickly and communicate/coordinate a course of action to respond to the incident, while mitigating risk and limiting the impact
    • Practical experience identifying adversary tactics, techniques, and procedures with enterprise security tools, with a demonstrable understanding of modern attacker methodologies
    • Experience in developing and maintaining playbooks, runbooks, and operational documentation
    • Robust understanding of IT fundamentals across networking, systems, cloud, virtualization platforms and application layers, and advanced understanding of at least one operating system (Windows, Linux, OSX)
    • Highly disciplined and motivated: a self-starter who is able to work both independently and as a member of a team
    • Demonstrates a can-do, delivery-focused and solution-oriented approach (rather than problem-oriented); flexible, practical, and positive mindset; quick to adapt to changing situations


    People and Team Management

    • Works on shifts covering 16/5 (Monday to Friday, 7 AM - 4 PM; 1 PM - 10 PM)
    • Manages a small group of cybersecurity analysts from the 24/7 team
    • Assists the 24/7 CSIRT Manager with different projects & tasks
    • Monitors the 24/7 team KPIs and generates detailed metric reports
    • Generates monthly quality assurance reports
    • Provides mentoring and regular trainings to the team
    • Assists new joiners during the onboarding period to make sure they have a positive experience and are ready to start their 24/7 cybersecurity journey


    • Responsible for investigating the incidents escalated by the 24/7 Cyber Security Incident Response Team
    • Assists the 24/7 team with triaging and investigating cybersecurity alerts raised by a wide variety of security tools such as SOAR, EDR, XDR, IPS/IDS, SIEM, Sandbox, Cloud Security and Email Security
    • Coordinates escalation, response, resolution, and reporting of cybersecurity incidents
    • Performs technical investigation of complex security incidents to achieve efficient mitigation of active threats and identification of the root cause
    • Performs quality hands-on technical incident response, log analysis, and threat hunting
    • Collaborates on various departmental projects that help the organization improve its cyber security posture and achieve its mission/objectives
    • Collaborates with different CDR stakeholders and vendors to remediate any identified gaps
    • Masters and uses CSIRT’s playbooks, runbooks, workflows, operational documentation, and processes; contributes to the writing and maintenance of all such documents
    • Looks for opportunities to improve documentation, standardization and automation of CSIRT processes
    • Owns and delivers on assigned projects (often around improvements to detections, processes and playbooks) while balancing execution and deliveries with operations and IR workload; supports other team members in projects
    • Drives continuous improvement of our detection and response capabilities by identifying and owning improvement areas in the technology, methods and processes (including opportunities around detection tuning and automation)
    • Offers on-call support during nights, weekends and public holidays

    Other information


    • Health insurance (Signal Iduna)
    • Prepaid medical subscription (Regina Maria)
    • Meal vouchers (20 RON/ticket)
    • 25 days annual leave
    • Birthday day off
    • Work-from-home allowance
    • Home office one-time bonus
    • Summer break
    • Gym subscription