Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.
Role description
The senior application security engineer is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer addresses legacy and emerging security issues, and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Help the organization evolve its application security functions and services
Threat modeling, design reviews and consulting for teams throughout the company
Incident Management and Response
Work with the product team to drive business enablement through requirements gathering and risk analysis
Perform validation of security controls to insure alignment with compliance and industry best practices
Translate vulnerability analysis results into actionable remediation and mitigation steps
Collaborate with Offensive Security and Threat Intelligence teams to identify novel vulnerabilities
Build tools to simplify and automate Application Vulnerability Management processes
Maintain the WAF and lead any related improvements
Take a leadership role in working across the company on security projects
Assess and implement vendor security solutions that support our mission, application development
Role Qualifications and Requirements
5 to 8 years of combined Information Security or Information Technology Experience
B.S. or M.S. Computer Science or a related field, or equivalent experience
You have a breadth of knowledge and experience in application, infrastructure and systems security domains
You are a fast learner and have experience partnering with cross-functional teams
You have experience managing a bug bounty program, including triaging and providing strategic recommendations to engineering leads
Technical certifications within information security are a plus (CISSP, CCSP, OSCP, OSWE or equivalents)
Hacker mindset, passion for security always strive to think like an attacker
Experience in securing the SDLC: SAST, DAST, SCA, Secret Scanning, Runtime Vulnerability Analysis, Container Scanning
Previous experience with WAF Solutions is a plus
Professional development experience
Excellent written and oral communication skills
Vulnerability and penetration-testing skills
Excellence in communicating business risk from cybersecurity issues
Proficiency in software development (Java, JS, Go, Python, C++, Ruby, etc.)
Solid understanding of network and web protocols
Experience with security of intra-company and third-party APIs
Experience with Incident Response and Threat Analysis
Experience with dynamic and static analysis tools
Operate with a high level of independence with the ability to act as a mentor to junior Cybersecurity Engineers
Strong communication skills are required as well as the ability to work both independently and with a team
Benefits & Perks
Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users
Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
