What you'd actually do

Owns the end-to-end technical lifecycle, deployment, and optimization of enterprise Data Security platforms (specifically CASB/DLP) across multi-cloud and enterprise environments.

Applies SRE (Site Reliability Engineering) practices to ensure the continuous availability and performance of security telemetry pipelines and detection engines.

Implements "Security as Code" using Terraform, Puppet, and Git to automate the deployment of data protection policies across all Booking Holdings brands.

Designs and implements high-fidelity detection logic by correlating data security telemetry with wider security datasets (SIEM/XDR) to identify advanced threat actor TTPs.

Develops and maintains Python-based automation playbooks within the SOAR platform to execute real-time, automated containment actions (e.g., automated session revocation).

Skills

Required

CASB/DLP
SRE practices
Security as Code
Terraform
Puppet
Git
Detection logic development
SIEM/XDR
Python Scripting
SOAR platform
SQL
Logscale
KQL
SPL
DevOps
IaC
CI/CD
GitHub
GitLab
Identity & Access Governance
Okta
Entra ID
Public Cloud Security
Container Security
AWS
Azure
GCP
Data Security
Compliance
Security Systems Integration
SOC
IR
CSIRT

Nice to have

Tines

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

Role description

The Security Engineer for Data Detection & Response is a hybrid role designed to bridge the gap between Data Security Operations (DSO) and Cyber Detection & Response (CDR). This role is responsible for the engineering, maintenance, and constant optimization of the CASB and DLP ecosystem, specifically tuned for high-fidelity detection and automated incident response. They will contribute to building, maintaining, and operating Data Detection & Response services with reliability, automation, and measurable outcomes.

They will be a technical specialist who ensures that "Data Protection" isn't just a compliance checkbox but a functional, automated component of our 24/7 SOC operation.

The ideal candidate combines strong technical security knowledge with excellent communication skills to effectively partner with cross-functional teams in Booking Holdings' dynamic, global environment. This position offers the opportunity to make a significant impact on the security posture of all brands in the Booking Holdings portfolio.

This role provides a hybrid way of working with an onsite presence of 2 days/week.

Key Job Responsibilities and Duties

Platform Engineering & Operational Integration

Infrastructure Management: Owns the end-to-end technical lifecycle, deployment, and optimization of enterprise Data Security platforms (specifically CASB/DLP) across multi-cloud and enterprise environments.
System Reliability: Applies SRE (Site Reliability Engineering) practices to ensure the continuous availability and performance of security telemetry pipelines and detection engines.
Engineering for Scale: Implements "Security as Code" using Terraform, Puppet, and Git to automate the deployment of data protection policies across all Booking Holdings brands.

Detection Engineering & Performance Optimization

Use Case Development: Designs and implements high-fidelity detection logic by correlating data security telemetry with wider security datasets (SIEM/XDR) to identify advanced threat actor TTPs.
Operational Efficiency: Responsible for the continuous tuning and optimization of alert precision to reduce false-positive rates, directly improving the "Signal-to-Noise" ratio for the 24/7 Security Operations Center (SOC).
Telemetry Enrichment: Engineers data pipelines to ensure all security events are enriched with relevant context (Identity, Asset, Geolocation) before reaching incident response teams.

Incident Response & Automation

Orchestration Development: Develops and maintains Python-based automation playbooks within the SOAR platform to execute real-time, automated containment actions (e.g., automated session revocation).
Systems & Reliability: Acts as the technical escalation point for the Cyber Defense & Response team during critical systemic bottlenecks, large-scale alert floods and platform outages and participates in a shared 24/7 on-call rotation to ensure continuous operational resilience
Process Improvement: Continuously identifies manual gaps in the Incident Response lifecycle and implements engineering solutions to reduce Mean Time to Remediate (MTTR).

Stakeholder Management & Compliance

Technical Liaison: Collaborates with Product and Infrastructure teams across various brands to integrate security controls into their workflows without impacting business velocity.
Audit & Assurance: Provides technical evidence and documentation for regulatory requirements (PCI-DSS, GDPR, SOX) to ensure that engineering controls remain compliant and effective.
Documentation: Maintains rigorous technical documentation of all detection logic, automation scripts, and platform architectures to ensure team-wide knowledge transfer.

Role Qualifications and Requirements

3-5 years of relevant experience in a similar role
Bachelor's Degree in a relevant field

Tech skills

Detection-as-Code (CI/CD) and Signal Optimization
SOAR & IR Automation (low-code workflows, Tines plus)
System Resilience, Lifecycle Management, and AI Solutioning
Python Scripting (APIs, webhooks)
Log Querying: SQL, Logscale, KQL, or SPL
DevOps: IaC (Terraform/Puppet) and CI/CD (GitHub/GitLab)
Identity & Access Governance (Okta/Entra ID)
Public Cloud & Container Security (AWS, Azure, GCP)
Data Security (DLP) and Compliance (PCI-DSS, SOX, GDPR)
Security Systems Integration & Operational Knowledge (SOC, IR, CSIRT)

Soft Skills

Highly motivated and passionate
Excellent collaboration and communication skills
Can-Do, solution-oriented, and delivery-focused approach
Flexible, practical, and quick to adapt
Demonstrates ownership, accountability, and proactiveness
Seeks continuous improvement
A humble team player

Represents a plus

Hands-on experience with Tines (no-code automation platform)

Benefits & Perks

Contributing to a high-scale, complex, world-renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance-driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative-action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.