Booking Holdings Romania - Cybersecurity Incident Responder II - BOOKING HOLDINGS ROMANIA SRL

Published 23.09.2025 | Expires 07.11.2025

Job description

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.

 

Role description

 

The Booking Holdings Cyber Detection & Response Group (“CDR”) provides top-of-the-line cyber defense services and capabilities across the Booking Holdings group. In the Cyber Detection & Response group we use the best tooling and most advanced technologies, hire top talent and are always up-to-date with the most innovative methodologies for cyber defense.

The Cyber Security Incident Responder is a key player in providing detection, investigation and response to cyber security attacks and threats such as ransomware, spear-phishing, cloud-based attacks, and Advanced Persistent Threats (APTs). 

This highly specialized technical subject matter expert position focuses on investigating threats and alerts within large-scale cross-platform environments, performing threat hunting and digital forensics in order to identify intrusions and effectively respond to mitigate security threats on the business.

 

This role provides a hybrid way of working with an onsite presence of 2 days/week.

 

Key Job Responsibilities and Duties 

  • Responsible for investigating the incidents escalated by the 24/7 Triage & Monitoring team.

  • Assists the 24/7 Triage & Monitoring team with in-depth investigation of cybersecurity alerts raised by a wide variety of security tools such as SOAR, EDR, XDR, IPS/IDS, SIEM, Sandbox, Cloud Security, Email Security, GitLab Security, Container Security.

  • Coordinates incident response, escalation, and reporting of cybersecurity incidents.

  • Performs technical investigation on complex security incidents to achieve efficient mitigation for active threats and identification of the root cause.

  • Performs quality hands-on technical incident response, log analysis, and threat hunting.

  • Collaborates on various departmental projects that help the organization improve its cyber security posture and achieve its mission/objectives.

  • Collaborates with different CDR stakeholders and vendors to remediate any identified gaps.

  • Defines and uses CSIRT’s playbooks, runbooks, workflows, operational documentation, and processes. Contributes to the writing and maintenance of all such documents.

  • Looks for opportunities to improve documentation and standardization of CSIRT processes.

  • Owns and delivers on assigned projects (often around improvements to detections, processes and playbooks) while balancing execution and deliveries with operations and IR workload; Supports other team members in projects.

  • Drives continuous improvement of the quality and efficiency of our detection and response capabilities by identifying and owning improvement areas in technology, methods, and processes (including opportunities around detection tuning and automation).

  • Works on shifts covering 16/5 (Monday to Friday, 7 AM - 10 PM).

  • Offers on-call support during the nights, weekends and public holidays.

 

Role Qualifications and Requirements

  • This role requires technology domain expertise in performing hands-on technical incident response, in-depth technical investigations and threat hunting. It calls for an individual who reads logs, collects technical evidence and puts together the full picture. The ideal candidate is well plugged into the world of hacking, defense and adversary techniques, all with a hands-on-keyboard perspective.

  • 3+ years of operational security experience (SOC, Incident Response, Malware Analysis, etc.).

  • Bachelor's Degree OR equivalent experience and relevant certification (such as CompTIA Security+, Network+, CySA+, CCNA, CCNA CyberOps, GCIH, GCFR, GEIR, GCIA, GCFA, GCFE, GSEC, GCED, GREM, OSCP, OSCE, and similar).

  • Experience working independently to detect, handle, investigate and effectively respond to cybersecurity incidents.

  • Ability to assess security incidents quickly and communicate/coordinate a course of action to respond to the incident, while mitigating risk and limiting the impact.

  • Practical experience identifying adversary techniques, tactics, and procedures with enterprise security tools with a demonstrable understanding of modern attacker methodologies.

  • Experience developing and maintaining operations playbooks, runbooks, and operational documentation.

  • Robust understanding of IT fundamentals across networking, system, cloud, virtualization platforms, and application layers, and advanced understanding of at least one operating system (Windows, Linux, OSX).

  • Good interpersonal and communication skills in order to share knowledge and to communicate effectively with different stakeholders (IT and business partners).

  • Experience with projects or issues of high complexity that require knowledge across multiple technical areas and business units.

  • Highly disciplined and motivated: a self-starter who is able to work both independently and as a member of a team.

  • Demonstrates a Can-Do, delivery-focused and solution-oriented approach (rather than problem-oriented); Flexible, practical, and positive attitude. Is quick to adapt to changing situations.

  • Constantly demonstrates ownership and proactiveness in seeking to improve and optimize in anything related to their and their team’s work.

 

Benefits & Perks

  • Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide

  • Working in a fast-paced and performance driven culture

  • Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation

  • Competitive compensation and benefits package 

  • Vast amounts of data to validate your ideas and the opportunity to experiment with real users

 

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

 


Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.

Job criteria

Type of job Full-time
Cities Bucharest, Romania