Booking Holdings Romania - Cyber Threat Research Engineer

Booking.com
Bucharest, Romania · On-site · Competitive · Posted 2 days ago
English required · Security & infrastructure

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.



Role description

As a Cyber Threat Research Engineer on the Booking.com Cyber Defence Team, the successful candidate will be responsible for enhancing cyber detection, prevention and response excellence, staying ahead of emerging threats, and enhancing capabilities through researching various threats. This pivotal role fortifies the Booking Holdings Brands' cyber defense by executing adversary emulation programs and performing threat research on emerging threats. This individual will play a critical role in maintaining the cybersecurity posture of the organization, ensuring the company remains resilient and responsive to ever-evolving cyber threats.

This role provides a hybrid way of working with an onsite presence of 2 days/week.

Key Job Responsibilities and Duties

As a Cyber Threat Research Engineer, expertise in cyber threats, malware techniques, and emerging risks drives proactive risk identification and threat detection measures. This role offers seasoned professionals a unique opportunity to wield their experience, making a substantial impact on fortifying the security of the organization. In this dynamic cybersecurity environment, the researcher becomes a crucial contributor, shaping the organization's robust defense and contributing to a dynamic and innovative cybersecurity team.



Main responsibilities

  • Upholding the edge at CDR Services, focused on delivering quality detection and response with a strong emphasis on adversary and cyber defense

  • Cultivating a proactive mindset by actively researching emerging threats, malware, TTPs, and threat actors

  • Demonstrating practical expertise by analyzing phishing threats and malware such as AgentTesla and Redline to fortify our defense mechanisms

  • Performing Adversary Emulation utilizing Breach & Attack Simulation (BAS) tools by validating security controls (EDR, Firewall, etc.) against diverse malware and threat actor TTPs

  • Simulating malware within a controlled environment to assess security posture and providing recommendations for enhancements

  • Crafting research-based threat hunting packages for threat hunting teams

  • Analyzing, synthesizing, and presenting research findings to both internal teams and external audiences

  • Collaborating closely with cybersecurity teams, contributing to threat detection use cases

  • Staying at the forefront of advanced threats by continuously monitoring attacker tools and new adversarial TTPs

  • Developing code and scripts to streamline threat data analysis and automation to enhance the efficiency of threat research

  • Utilizing coding and scripting skills to analyze various advanced malware

Role Qualifications and Requirements

  • Strong understanding of one of the following areas: Malware Analysis, Red or Purple Teaming, Threat Intelligence, Threat Detection or Incident Response.

  • Working knowledge of malware and various phishing attacks.

  • Knowledgeable in identifying threats within at least one major operating system (Windows or Linux).

  • Familiarity with the kill-chain model, ATT&CK framework, and modern attack techniques

  • Demonstrated knowledge of common and emerging attack techniques

  • Experience with commercial Endpoint Detection & Response (EDR) platforms.

  • Fundamental knowledge of at least one cloud technology

  • Excellent interpersonal and communication skills, adept at building and managing relationships, and fostering collaboration.

  • Constantly demonstrates ownership and proactiveness in tackling challenges.

  • Proficient in solving challenges, prioritizing tasks, and managing context switching.

  • Good experience in malware analysis or adversary emulation is highly advantageous.

  • The candidate will need to possess good coding skills, primarily in Python and SQL, which will be leveraged on a daily basis.

  • The candidate will be required to write code for conducting advanced Cyber Investigations, Research, and Threat Hunting.

  • The candidate should have good knowledge of other coding languages such as .NET and C++ for Reverse Engineering activities.

Benefits & Perks

  • Contributing to a high-scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide

  • Working in a fast-paced and performance driven culture

  • Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation

  • Competitive compensation and benefits package

  • Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.


Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.

Application managed by Booking.com