Booking Holdings Romania - Security Engineer - Vulnerability Management

Booking.com
Booking.com
Bucharest, RomaniaOn-siteCompetitiveAdded 3 days ago
Booking.com

Booking Holdings Romania - Security Engineer - Vulnerability Management

Original Advert

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

Role description

We are looking for a Security Engineer to own and scale our vulnerability management program across infrastructure and our Software Development Lifecycle (SDLC) pipeline. You will work at the intersection of detection, automation, and developer enablement, partnering with infrastructure and engineering teams to reduce exposure, accelerate remediation, and integrate security into the SDLC. The security engineer also provides support to the incident response, forensic, application, and networking teams and works with IT infrastructure, application development, security operations, security audit, and end-user sources of information to ensure collection, correlation, and reporting, as well as facilitation of corporate-wide security events.

The role ensures that our Vulnerability Management solution aids in the output of metrics to senior management to help maintain a safe and secure enterprise technical operation. Daily, the engineer ensures the scan agents'/sources' alerts are healthy, false positives are tuned out, and true alerts are surfaced to the right parties. To be successful, a solid understanding of and practical hands-on experience with security principles, host configurations, and networking are required.

Must be detail oriented, able to manage multiple tasks, and work independently as well as in a team setting. Excellent communication skills, collaboration skills and ability to adapt to shifting priorities are critical.

This role provides a hybrid way of working with an onsite presence of 2 days/week.

Key Job Responsibilities and Duties

  • Own end-to-end infrastructure vulnerability management, including scanner deployment, agent lifecycle management, scan policy tuning, and SLA-driven remediation workflows.

  • Deploy and maintain scanning agents at scale using IaC/CM tooling such as Puppet, Ansible or Chef across heterogeneous environments.

  • Integrate vulnerability scanning into CI/CD pipelines and conduct supply chain security assessments, tracking open-source dependencies and third-party components for known CVEs and emerging threats.

  • Monitor and triage threat intelligence feeds (NVD, CISA KEV, vendor advisories, OSINT sources) to assess new vulnerability disclosures and translate them into prioritized remediation actions.

  • Build and maintain SOAR playbooks to automate alert triage, ticket creation, enrichment, and escalation, reducing manual toil across the vulnerability management lifecycle.

  • Define and enforce vulnerability severity thresholds and SLA policies in collaboration with other teams.

  • Drive actionable metrics, prioritization and reporting for operations and leadership transparency

  • Participate in security reviews of new infrastructure and application designs to identify vulnerability exposure early in the development lifecycle.

  • Previous experience with SIEM dashboards and other reporting tools for incident response is nice to have

  • Be readily available for incident response, forensics, troubleshooting, and security issues requiring event details.

  • Maintain an up-to-date level of knowledge related to security threats, vulnerabilities, and mitigations set forth to reduce attack surface.

  • Connect events to contextual security reports that security management and technical teams can easily comprehend.

  • You will form repeatable processes for prioritizing and responding to alerts and developing playbooks.

  • Develop enrichment pipelines and automation to enhance the fidelity of threat detections.

  • Strong communication skills are required as well as the ability to work both independently and with a team.

  • Assist with the creation and/or maintenance of operational security metrics with dashboards and reports

Role Qualifications and Requirements

  • 3-5 years of combined Information Security or Information Technology Experience

  • 3-5 years of focus on vulnerability management programs.

  • B.S. or M.S. Computer Science or a related field, or equivalent experience

  • Firm understanding of MITRE ATT&CK framework & TTPs

  • Practical experience using configuration management tools (Puppet preferred, Ansible or Chef accepted) to manage security tooling at scale.

  • Solid understanding of software supply chain risks

  • Hands-on experience building or maintaining SOAR workflows for security automation use cases.

  • Knowledge of application and infrastructure security

  • Experience working with cloud environments is a plus

  • Understanding of common operating systems, networking protocols, and databases

  • Strong scripting or equivalent programming experience

Benefits & Perks

  • Contributing to a high-scale, complex, world-renowned product and seeing real-time impact of your work on millions of travelers worldwide

  • Working in a fast-paced and performance-driven culture

  • Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation

  • Competitive compensation and benefits package

  • Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative-action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.


Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.

Senior Software Engineer I

Bangalore, India
2d ago
Visa Sponsor

Account Manager, Natal

Natal, Brazil
2d ago

Senior HR Manager - People

Amsterdam, Netherlands
2d ago

Booking Holdings Romania - Cybersecurity Analyst II, CDR

Bucharest, Romania
2d ago

Senior Operations Analyst Lead

Bangalore, India
3d ago

Booking Holdings Romania - Cyber Security Incident Response Team Manager

Bucharest, Romania
3d ago

Booking Holdings Romania - Senior JAVA Software Engineer (Chaos Engineering)

Bucharest, Romania
3d ago

Associate BI Engineer (HANA / SQL)

Bangalore, India
3d ago
Visa Sponsor

Account Manager – Home Acquisition Mexico

Mexico City, Mexico
3d ago

Data & AI Governance Architect

Bangalore, India
3d ago
Visa Sponsor

Account Manager, Bogotá

Bogota, Colombia
3d ago

Cybersecurity - Service Delivery Manager - EY GDS Spain - Hybrid

Málaga, Spain
2d ago

Senior security Engineer

Barcelona, Spain
2d ago

GRC Engineer

Paris / Barcelona / Berlin / Milan
5d ago
Visa Sponsor

Senior Security Engineer - Platform

Barcelona, Spain (Hybrid)
5d ago
Visa Sponsor

Senior Security Engineer - Application

Barcelona, Spain (Hybrid)
5d ago

Security Specialist

Barcelona, Spain
5d ago

Enterprise Security Architect - IAM

Barcelona, Spain
5d ago
Visa Sponsor

Corporate Security Engineer

Remote, Spain
5d ago
Visa Sponsor

Senior Security Engineer

Remote, Spain
5d ago
Visa Sponsor

Senior Security Engineer, Privacy (Eastern Time Zone Preferred)

Remote, Spain
5d ago

Application Security Consultants - Application Security DevSecOps

Madrid, Spain
6d ago

Executive Recruitment Coordinator

Madrid, Spain / Dubai - United Arab Emirates / Bucharest, Romania / Lisbon, Portugal
2d ago

Marketing Manager (Quant)

Madrid, Spain / Kraków, Poland / Dubai - United Arab Emirates / Bucharest, Romania / Lisbon, Portugal
2d ago

Business Compliance Manager (EU Bank)

Madrid, Spain / Kraków, Poland / Bucharest, Romania / Lisbon, Portugal / Vilnius, Lithuania
€5K - €5K1w ago

Technical Support Engineer - Identity

Romania, Bucharest, Bucharest / Jordan, Amman, Amman / Spain, Madrid, Madrid
3w ago

Global Procurement Lead

Barcelona, Spain; Bucharest - Dorobanti, Romania; Madrid, Spain
3w ago

Staff Full-Stack Engineer

Cairo, Egypt / Barcelona, Spain / Belgrade / Bucharest / Sofia / Nairobi, Kenya / Lagos, Nigeria / Dar es Salam, Tanzania / Cape Town, South Africa / Turkey / Alexandria, Egypt / India / Remote
1mo ago

Software Engineer (DevOps) - Managed Storage

Madrid, Spain / Kraków, Poland / Dubai - United Arab Emirates / Bucharest, Romania / Vilnius, Lithuania / London, UK
€74K - €112K1mo ago

Business Compliance Manager (Europe Bank)

Madrid, Spain / Kraków, Poland / Bucharest, Romania / Lisbon, Portugal / Vilnius, Lithuania
€5K - €5K2mo ago

Product Sales Executive (Global Talent Solutions)

Madrid, Spain / Kraków, Poland / Dublin, Ireland / Bucharest, Romania / London, UK
4mo ago

Deep Learning Engineer (Voice)

Madrid, Spain / Kraków, Poland / Dubai - United Arab Emirates / Bucharest, Romania / Lisbon, Portugal / Vilnius, Lithuania
€6K - €9K8mo ago

Senior DataOps Engineer

Barcelona / Madrid / Bucharest / Sao Paulo (Hybrid)
10mo ago

Business Compliance Manager (Talent)

Madrid, Spain / Kraków, Poland / Bucharest, Romania / Lisbon, Portugal / Vilnius, Lithuania
€36K - €63K11mo ago

Application managed by Booking.com