Ideal Candidate
- 5-8 years of combined Information Security or Information Technology Experience
- B.S. or M.S. Computer Science or a related field, or equivalent experience
- You have a breadth of knowledge and experience in incident response, application, infrastructure, and systems security domains.
- You are a fast learner and have experience partnering with cross-functional teams.
- You have experience managing a bug bounty program, including triaging and providing strategic recommendations to engineering leads.
- Technical certifications within information security are a plus (CISSP, CCSP, OSCP, OSWE or equivalents)
- Hacker mindset and passion for security; always strive to think like an attacker
- Experience in assessing new Application Features and establishing secure guidelines for Product teams
- Professional development experience
- Excellent written and oral communication skills
- Vulnerability and penetration-testing skills.
- Excellence in communicating business risk from cybersecurity issues.
- Proficiency in software development (Java, JS, Go, Python, C++, Ruby, etc.).
- Solid understanding of network and web protocols.
- Experience with security of intra-company and third-party APIs.
- Solid experience with Incident Response and Threat Analysis
- Experience with dynamic and static analysis tools.
- Operate with a high level of independence with the ability to act as a mentor to junior Cybersecurity Engineers
- Strong communication skills are required as well as the ability to work both independently and with a team
Job Description
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
- Conduct threat modeling and security design reviews for new and changing application features, APIs, and integrations; provide actionable guidance to engineering and product teams.
- Own incident triage and response for application/security events: coordinate stakeholders, drive containment/eradication/recovery, and ensure clear communications throughout the incident lifecycle.
- Partner with Product and Engineering to translate business requirements into security requirements, performing risk assessments and defining compensating controls when needed.
- Validate feature-level security controls and ensure alignment with compliance and industry best practices.
- Drive post-incident and post-release learning: lead root cause analysis, write postmortems, and track corrective actions to completion (detection improvements, guardrails, design changes).
- Translate vulnerability findings and incident learnings into prioritized remediation plans and mitigations, including short-term risk reduction and long-term design improvements.
- Collaborate across teams to anticipate emerging threats, incorporate them into design reviews, and improve detection/response playbooks.
- Build and maintain automation and tooling to streamline incident investigation (telemetry, alert enrichment, evidence collection) and application vulnerability management workflows.
- Evaluate and implement vendor security solutions that improve detection, response, and secure design (e.g., logging/SIEM, SOAR, runtime protections, SAST/DAST), ensuring effective integration into SDLC and IR processes.
- Health insurance
- Prepaid medical subscription (Regina Maria)
- Life insurance
- Meal vouchers
- Learning wallet
- Travel benefit
- Annual vacation leave of 25 business days, pro rata with the working period
- Birthday day off
- Summer break (short Fridays during summer)
- Work from Abroad program (up to 20 days/year in EU)
- Floating days off
- 2 Volunteer days/year
- Home office one-time bonus
- Bookster
- LinkedIn Learning platform
- Headspace
- Employee discounts (travel, gym, dental, vision)
Company Description
Booking Holdings Center of Excellence is part of Booking Holdings, the world's leading provider of online travel and related services, with a rich heritage of digital innovation. The Center provides access to specialized and highly skilled talent, supports projects powered by new and emerging technologies, leverages industry best practices, and fosters collaboration opportunities across all of the Booking Holdings brands, including Booking.com, Priceline, Agoda, KAYAK and OpenTable.
If you are interested in finding out more about the Booking Holdings Center of Excellence, visit our website: www.bookingholdings-coe.com.
Booking Holdings (NASDAQ: BKNG) is the world’s leading provider of online travel and related services, provided to consumers and local partners in more than 220 countries and territories through five primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.

