Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.
Role description
The 24/7 Cyber Security Triaging and Monitoring Team is our front line of cyber defense, detecting and responding to cyber attacks in real time, using state-of-the-art technology, processes and procedures.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Responsible for triaging and investigating cybersecurity alerts raised by a wide variety of security tools like: SOAR, EDR, XDR, SIEM, Sandbox, Cloud security and Email Security
Perform end-to-end analysis on potential malicious alerts raised by our multitude of internal tools or reported by the employees
Report to the 24/7 Cyber Defense Operations & Response Leadership and be willing to work on a 24/7 shift structure (night and weekend shifts as well)
Collaborate with other CDR stakeholders during the 6 phases of a cybersecurity incident: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned
Reach out to users or stakeholders to obtain additional information that can help in the assessment of the impact of an incident
Escalate to higher TIER upon need or based on our sophisticated playbooks & SOPs
Perform IOC Sweeps and Threat Hunting.
Improve and maintain playbooks, SOPs and other internal documentation.
Provide guidance and assistance to the new analysts
Contribute to the team’s efficiency by identifying new opportunities for detection fine-tuning, automations, enrichments and playbook improvements
Role Qualifications and Requirements
1-3 years of hands-on operational security experience in a 24x7 SOC environment
Relevant Cybersecurity certifications (such as CompTIA Security+, CySA+, Blue Team lvl 1, GCIH, GCIA, HackTheBox & LetsDefend trainings and similar)
Experience working independently to detect, handle, investigate and effectively respond to cybersecurity alerts by following IR playbooks and procedures
Previous experience in Phishing and Malware cases investigation
Ability to assess security alerts quickly and increase or decrease the severity based on the outcome of the initial investigation
Hands-on experience with enterprise security tools
Experience in working closely with playbooks, SOPs and other technical documentation
Robust understanding of IT fundamentals and general cybersecurity concepts
Good interpersonal and communication skills
Willingness to work in a 24/7 shift structure
Highly disciplined and motivated: a self-starter who is able to work both independently and as a member of the team
Inherently suspicious/skeptical (in a good way) regarding alerts and avoids confirmation bias towards false positives
Constantly demonstrates ownership and proactiveness in seeking to improve and optimize in anything related to their and their team’s work.
Benefits & Perks
Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users
Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.