Booking Holdings Romania - Security Engineer - Detection & Response

Employer: Booking Holdings
  • Internet - eCommerce
  • IT Hardware
  • IT Software
  • Job type: full-time
    Job level: 1 - 5 years of experience
  • Updated on: 16.07.2024
    Remote work: Hybrid

    Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

    As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six primary consumer-facing brands: Priceline, Agoda, KAYAK, OpenTable and

    Role description

    The role of Security Engineer - Detection & Response is to build, maintain and constantly improve the efficiency and coverage of the Cyber Detection & Response capabilities.

    This role would focus on implementing the detection use cases based on their priority (Getting the required observability, pipelines, correlation, enrichment, automation and build the underlying integrations and solution required therefore) and make them available to Security Monitoring and Incident Response.

    The second focus would be to use the engineering toolbox to closely support any need of the CSIRT/SOC teams in automation and response orchestration tools.

    Key Job Responsibilities and Duties

    [System Engineering]

    • Uses highly specialized domain knowledge, software development knowledge and analytical skills to define the requirements and technical designs of, and implement, the CDR software systems and applications.
    • Performs the testing and the required modifications of the CDR software systems and applications.

    [Detection Engineering]

    • Implements cyber threat detection use cases based on their priority.
    • Responsible for researching and defining the technical methods used to implement the detection use cases hands-on.
    • Puts in place the required observability, pipelines, correlation rules, enrichment and automation, and builds the underlying integrations and solutions this requires.
    • Uses stakeholder management and communication skills to illustrate the business impact of technical requirements and to navigate upstream teams and stakeholder landscapes so that dependencies get implemented.
    • Constantly optimizes alert precision and proactively looks for further optimizations.
    • Constantly assures the availability and reliability of the detection use case alerts for the Security Monitoring and Incident Response services.

    [Ongoing Testing, Maintenance & SecDevOps]

    • Responsible for constantly and proactively testing, maintaining, improving, tuning and fixing any detection use cases, alerting rules, integrations, automation, orchestrated playbooks, enrichments and SOAR applications.
    • Responsible for assuring the SOC/CSIRT pipeline and urgently fixing any problems with it.
    • Responsible for the technical availability, effectiveness, quality and resilience of all the tooling, technology and detection engineering used by the SOC/CSIRT teams.

    [Engineering the Security Monitoring and Incident Response]

    • Proactively identifies opportunities and implements engineering solutions that achieve efficiency gains in Security Monitoring and IR, for example: automation of manual IR activities, creating response orchestration playbooks, creating and maintaining integrations, tuning alerts and systems, automatic field enrichment, etc.

    [Supports and delivers CDR services]

    • Responsible for implementing the CDR engineering backlog items set by CDR product management.
    • Acts as Subject Matter Expert (SME) for all aspects of detection and response, SIEM, XDR, SOC and SOAR technology and processes.
    • Participates in different security assurance assessments such as Purple Team, Red Team, attack path mapping, etc.
    • Supports any compliance and maturity assessment (such as NIST, PCI, SoX): provides answers with evidence and creates documentation for that purpose if needed.
    • Supports IR teams as an SME when needed.
    • Understands the world of threats, hacking and attacker methodologies.
    • Codes and builds scripts.
    • Responsible for documenting all work related to detection & response engineering.
    • Participates in the CDR Engineering on-call rota (24/7 response to critical issues/outages).

    Role Qualifications and Requirements

    • Bachelor's degree, or equivalent experience and a specialized diploma (relevant certifications); broad job knowledge (3 - 5 years).
    • Has practical experience and expert knowledge (technical and procedural) in cyber threats detection & incident response, SIEM/SOAR/XDR.
    • Has experience and practical knowledge in modern attacker methodologies and adversary techniques, tactics, and procedures identification using enterprise security tools.
    • Understanding of security control frameworks such as MITRE ATT&CK, NIST CSF, PCI DSS, SoX, GDPR, ISO 2700X, etc.
    • Scripting and automation experience (Python, Bash, Git, CI/CD, Puppet/Ansible).
    • Experience with Elasticsearch/Kibana and knowledge of Query DSL and EQL.
    • SecDevOps experience.
    • Knowledge and practical experience with modern compute platforms such as cloud and containers.
    • Robust understanding of IT fundamentals across networking, system, cloud, virtualization platforms and application layers and advanced understanding of at least one operating system (Windows, Linux, OSX).

    Benefits & Perks

    • Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide;
    • Working in a fast-paced and performance driven culture;
    • Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation;
    • Competitive compensation and benefits package;
    • Vast amounts of data to validate your ideas and the opportunity to experiment with real users.

    Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

    Pre-Employment Screening:

    If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.