Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

Role description

We are looking for a Security Engineer to own and scale our vulnerability management program across infrastructure and our Software Development Lifecycle (SDLC) pipeline. You will work at the intersection of detection, automation, and developer enablement, partnering with infrastructure and engineering teams to reduce exposure, accelerate remediation, and integrate security into the SDLC. The security engineer also provides support to the incident response, forensic, application, and networking teams and works with IT infrastructure, application development, security operations, security audit, and end-user sources of information to ensure collection, correlation, and reporting, as well as facilitation of corporate-wide security events.

The role ensures that our Vulnerability Management solution aids in the output of metrics to senior management to help maintain a safe and secure enterprise technical operation. Daily, the engineer ensures the scan agents'/sources' alerts are healthy, false positives are tuned out, and true alerts are surfaced to the right parties. To be successful, a solid understanding of and practical hands-on experience with security principles, host configurations, and networking are required.

Must be detail oriented, able to manage multiple tasks, and work independently as well as in a team setting. Excellent communication skills, collaboration skills and ability to adapt to shifting priorities are critical.

This role provides a hybrid way of working with an onsite presence of 2 days/week.

Key Job Responsibilities and Duties

• Own end-to-end infrastructure vulnerability management, including scanner deployment, agent lifecycle management, scan policy tuning, and SLA-driven remediation workflows.

• Deploy and maintain scanning agents at scale using IaC/CM tooling such as Puppet, Ansible or Chef across heterogeneous environments.

• Integrate vulnerability scanning into CI/CD pipelines and conduct supply chain security assessments, tracking open-source dependencies and third-party components for known CVEs and emerging threats.

• Monitor and triage threat intelligence feeds (NVD, CISA KEV, vendor advisories, OSINT sources) to assess new vulnerability disclosures and translate them into prioritized remediation actions.

• Build and maintain SOAR playbooks to automate alert triage, ticket creation, enrichment, and escalation, reducing manual toil across the vulnerability management lifecycle.

• Define and enforce vulnerability severity thresholds and SLA policies in collaboration with other teams.

• Drive actionable metrics, prioritization and reporting for operations and leadership transparency

• Participate in security reviews of new infrastructure and application designs to identify vulnerability exposure early in the development lifecycle.

• Previous experience with SIEM dashboards and other reporting tools for incident response is nice to have

• Be readily available for incident response, forensics, troubleshooting, and security issues requiring event details.

• Maintain an up-to-date level of knowledge related to security threats, vulnerabilities, and mitigations set forth to reduce attack surface.

• Connect events to contextual security reports that security management and technical teams can easily comprehend.

• You will form repeatable processes for prioritizing and responding to alerts and developing playbooks.

• Develop enrichment pipelines and automation to enhance the fidelity of threat detections.

• Strong communication skills are required as well as the ability to work both independently and with a team.

• Assist with the creation and/or maintenance of operational security metrics with dashboards and reports

Role Qualifications and Requirements

• 3-5 years of combined Information Security or Information Technology Experience

• 3-5 years of focus on vulnerability management programs.

• B.S. or M.S. Computer Science or a related field, or equivalent experience

• Firm understanding of MITRE ATT&CK framework & TTPs

• Practical experience using configuration management tools (Puppet preferred, Ansible or Chef accepted) to manage security tooling at scale.

• Solid understanding of software supply chain risks

• Hands-on experience building or maintaining SOAR workflows for security automation use cases.

• Knowledge of application and infrastructure security

• Experience working with cloud environments is a plus

• Understanding of common operating systems, networking protocols, and databases

• Strong scripting or equivalent programming experience

Benefits & Perks

• Contributing to a high-scale, complex, world-renowned product and seeing real-time impact of your work on millions of travelers worldwide

• Working in a fast-paced and performance-driven culture

• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation

• Competitive compensation and benefits package

• Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative-action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.