L2 Cyber Security Incident Response Analyst & Team Leader

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

We are looking for a highly skilled L2 CSIRT Analyst & Team Lead to join our rapidly growing 24/7 Cyber Security Incident Response Team. This highly specialized technical subject matter expert position focuses on managing and leading a small group of cybersecurity analysts, side-by-side with hands-on investigating threats and alerts within large-scale cross-platform environments, performing threat hunting and digital forensics in order to identify intrusions and effectively respond to mitigate security threats on the business.
Booking Holdings Cyber Detection & Response Group (“CDR”), provides top of the line cyber defense services and capabilities Across Booking Holdings group. 
In the Cyber Detection & Response group we use the best tooling and most advanced technologies, hire top talent and are always up-to-date with the most innovative methodologies for cyber defense. 
We believe that the passion and talent of our people is our strength – it is what drives us towards outstanding performance. We offer a dynamic, motivating and sophisticated work environment. We are eager to provide everyone the opportunity to learn, and develop skills in a truly world leading security practice. Our culture is open, innovative and performance orientated. 

B.skilled

Operations

This role requires technology subject matter expertise in performing hands-on technical incident response, in-depth technical investigations and Threat Hunting. It is an individual who reads logs, collects technical evidence and puts together the full picture. The ideal candidate is well plugged in the world of hacking and defense and adversary techniques, all with a hands-on keyboard perspective.
3+ years of operational security experience (SOC, Incident Response, Malware Analysis, etc.)
Bachelor's Degree OR equivalent experience and relevant certification (such as CompTIA Security+, Network+, CySA+, CCNA, CCNA CyberOps, GCIH, GCIA, GCFA, GCFE, GSEC, GCED, GREM, OSCP, OSCE, and similar)
Experience working independently to detect, handle,  investigate and effectively respond to cybersecurity incidents
Ability to assess security incidents quickly and communicate/coordinate a course of action to respond to the incident, while mitigating risk and limiting the impact
Practical experience identifying adversary techniques, tactics, and procedures with enterprise security tools with a demonstrable understanding of modern attacker methodologies. 
Experience in developing and maintaining playbooks, runbooks, and operational documentation.
Robust understanding of IT fundamentals across networking, system, cloud, virtualization platforms , application layers and advanced understanding of at least one operating system (Windows, Linux, OSX)
Highly disciplined and motivated: a self-starter who is able to both work independently or as a member of a team
Demonstrates a Can-Do, delivery-focused and solution-oriented approach (rather than problem-oriented); Flexible, practical, and positive mindset. Is quick to adapt to changing situations.

People and Team Management

Works on shifts covering 16/5 (Monday to Friday, 7 AM - 4 PM ; 1 PM - 10 PM)
Manages a small group of cybersecurity analysts from the 24/7 team 
Assists the 24/7 CSIRT Manager with different projects & tasks
Monitors the 24/7 team KPIs and generates detailed metric reports
Generates monthly quality assurance reports
Provides mentoring and regular trainings to the team
Assists the new joiners during the onboarding period to make sure they have a positive experience and they are ready to start their 24/7 cybersecurity journey 

Operations

Responsible for investigating the incidents escalated by the 24/7  Cyber Security Incident Response Team
Assists the 24/7 team with triaging and investigating cybersecurity alerts raised by a wide variety of security tools like: SOAR, EDR, XDR, IPS/IDS, SIEM, Sandbox, Cloud security  and Email Security
Coordinates escalation, response, resolution, and reporting of cybersecurity incidents
Performs technical investigation on complex security incidents to achieve efficient mitigation for active threats and identification of the root cause
Performs quality hands-on technical incident response, log analysis, and threat hunting.
Collaborates on various departmental projects that help the organization improve its cyber security posture and achieve its mission/objectives
Collaborates with different CDR stakeholders and vendors to remediate any identified gaps
Masters and uses CSIRT’s playbooks, runbooks, workflows, operational documentation, and processes. Contributes to the writing and maintenance of all such documents. 
Looks for opportunities to improve documentation, standardization and automation of CSIRT processes
Owns and delivers on assigned projects (often around improvements to detections, processes and playbooks) while balancing execution and deliveries with operations and IR workload; Supports other team members in projects.
Drives continuous improvements of our detection and response capabilities by identifying and owning improvement areas in the technology, methods, processes (including opportunities around detection tuning and automation)
Offers on-call support during the nights, weekends and public holidays

Benefits:

Health insurance (Signal Iduna)
Prepaid medical subscription (Regina Maria)
Meal vouchers (20 RON/ticket)
25 days annual leave
Birthday day off
Work-from-home allowance
Home office one-time bonus
Summer break
Gym subscription