Booking Holdings Romania - Security Engineer - Data Detection & Response
Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania, created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.
Role description
The Security Engineer for Data Detection & Response is a hybrid role designed to bridge the gap between Data Security Operations (DSO) and Cyber Detection & Response (CDR). This role is responsible for the engineering, maintenance, and constant optimization of the CASB and DLP ecosystem, specifically tuned for high-fidelity detection and automated incident response. They will contribute to building, maintaining, and operating Data Detection & Response services with reliability, automation, and measurable outcomes.
They will be a technical specialist who ensures that "Data Protection" isn't just a compliance checkbox but a functional, automated component of our 24/7 SOC operation.
The ideal candidate combines strong technical security knowledge with excellent communication skills to effectively partner with cross-functional teams in Booking Holdings' dynamic, global environment. This position offers the opportunity to make a significant impact on the security posture of all brands in the Booking Holdings portfolio.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Platform Engineering & Operational Integration
Infrastructure Management: Owns the end-to-end technical lifecycle, deployment, and optimization of enterprise Data Security platforms (specifically CASB/DLP) across multi-cloud and enterprise environments.
System Reliability: Applies SRE (Site Reliability Engineering) practices to ensure the continuous availability and performance of security telemetry pipelines and detection engines.
Engineering for Scale: Implements "Security as Code" using Terraform, Puppet, and Git to automate the deployment of data protection policies across all Booking Holdings brands.
Detection Engineering & Performance Optimization
Use Case Development: Designs and implements high-fidelity detection logic by correlating data security telemetry with wider security datasets (SIEM/XDR) to identify advanced threat actor TTPs.
Operational Efficiency: Responsible for the continuous tuning and optimization of alert precision to reduce false-positive rates, directly improving the "Signal-to-Noise" ratio for the 24/7 Security Operations Center (SOC).
Telemetry Enrichment: Engineers data pipelines to ensure all security events are enriched with relevant context (Identity, Asset, Geolocation) before reaching incident response teams.
Incident Response & Automation
Orchestration Development: Develops and maintains Python-based automation playbooks within the SOAR platform to execute real-time, automated containment actions (e.g., automated session revocation).
Systems & Reliability: Acts as the technical escalation point for the Cyber Defense & Response team during critical systemic bottlenecks, large-scale alert floods, and platform outages, and participates in a shared 24/7 on-call rotation to ensure continuous operational resilience.
Process Improvement: Continuously identifies manual gaps in the Incident Response lifecycle and implements engineering solutions to reduce Mean Time to Remediate (MTTR).
Stakeholder Management & Compliance
Technical Liaison: Collaborates with Product and Infrastructure teams across various brands to integrate security controls into their workflows without impacting business velocity.
Audit & Assurance: Provides technical evidence and documentation for regulatory requirements (PCI-DSS, GDPR, SOX) to ensure that engineering controls remain compliant and effective.
Documentation: Maintains rigorous technical documentation of all detection logic, automation scripts, and platform architectures to ensure team-wide knowledge transfer.
Role Qualifications and Requirements
- 3-5 years of relevant experience in a similar role
- Bachelor's Degree in a relevant field
Tech skills
Detection-as-Code (CI/CD) and Signal Optimization
SOAR & IR Automation (low-code workflows; Tines a plus)
System Resilience, Lifecycle Management, and AI Solutioning
Python Scripting (APIs, webhooks)
Log Querying: SQL, Logscale, KQL, or SPL
DevOps: IaC (Terraform/Puppet) and CI/CD (GitHub/GitLab)
Identity & Access Governance (Okta/Entra ID)
Public Cloud & Container Security (AWS, Azure, GCP)
Data Security (DLP) and Compliance (PCI-DSS, SOX, GDPR)
Security Systems Integration & Operational Knowledge (SOC, IR, CSIRT)
Soft Skills
Highly motivated and passionate
Excellent collaboration and communication skills
Can-Do, solution-oriented, and delivery-focused approach
Flexible, practical, and quick to adapt
Demonstrates ownership, accountability, and proactiveness
Seeks continuous improvement
A humble team player
Considered a plus
Hands-on experience with Tines (no-code automation platform)
Benefits & Perks
Contributing to a high-scale, complex, world-renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance-driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users
Booking Holdings is proud to be an equal opportunity workplace and is an affirmative-action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
Application managed by Booking.com