Senior Application Security Engineer

• 5 to 8 years of combined Information Security or Information Technology Experience
• B.S. or M.S. Computer Science or a related field, or equivalent experience
• You have a breadth of knowledge and experience in application, infrastructure and systems security domains
• You are a fast learner and have experience partnering with cross-functional teams
• You have experience managing a bug bounty program, including triaging and providing strategic recommendations to engineering leads
• Technical certifications within information security are a plus (CISSP, CCSP, OSCP, OSWE or equivalents)
• Hacker mindset, passion for security always strive to think like an attacker
• Experience in securing the SDLC: SAST, DAST, SCA, Secret Scanning, Runtime Vulnerability Analysis, Container Scanning
• Previous experience with WAF Solutions is a plus
• Professional development experience
• Excellent written and oral communication skills
• Vulnerability and penetration-testing skills
• Excellence in communicating business risk from cybersecurity issues
• Proficiency in software development (Java, JS, Go, Python, C++, Ruby, etc.)
• Solid understanding of network and web protocols
• Experience with security of intra-company and third-party APIs
• Experience with Incident Response and Threat Analysis
• Experience with dynamic and static analysis tools
• Operate with a high level of independence with the ability to act as a mentor to junior Cybersecurity Engineers
• Strong communication skills are required as well as the ability to work both independently and with a team

• Help the organization evolve its application security functions and services
• Threat modeling, design reviews and consulting for teams throughout the company
• Incident Management and Response
• Work with the product team to drive business enablement through requirements gathering and risk analysis
• Perform validation of security controls to insure alignment with compliance and industry best practices
• Translate vulnerability analysis results into actionable remediation and mitigation steps
• Collaborate with Offensive Security and Threat Intelligence teams to identify novel vulnerabilities
• Build tools to simplify and automate Application Vulnerability Management processes
• Maintain the WAF and lead any related improvements
• Take a leadership role in working across the company on security projects
• Assess and implement vendor security solutions that support our mission, application development

• Health insurance
• Prepaid medical subscription (Regina Maria)
• Life insurance
• Meal vouchers
• Learning wallet
• Travel benefit
• Annual vacation leave of 25 business days, pro rata with the working period
• Birthday day off
• Summer break (short Fridays during summer)
• Work from Abroad program (up to 20 days/year in EU)
• Floating days off
• 2 Volunteer days/ year
• Home office one-time bonus
• Bookster
• Linkedin learning platform
• Headspace
• Employee discounts (travel, gym, dental, vision)

Booking Holdings Center of Excellence is part of Booking Holdings, the world's leading provider of online travel and related services, with a rich heritage of digital innovation. The Center provides access to specialized and highly skilled talent, supports projects powered by new and emerging technologies, leverages industry best practices, and fosters collaboration opportunities across all of the Booking Holdings brands, including Booking.com, Priceline, Agoda, KAYAK and OpenTable.

If you are interested to find out more about the Booking Holdings Center of Excellence visit our website: www.bookingholdings-coe.com.

Booking Holdings (NASDAQ: BKNG) is the world’s leading provider of online travel and related services, provided to consumers and local partners in more than 220 countries and territories through five primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.