Security Engineer - Detection & Response
Amsterdam, Netherlands
Jobs for Humanity paves the way to a fairer future for all by connecting historically underrepresented talent to welcoming employers.
Company Description
Jobs for Humanity is dedicated to building an inclusive and just employment ecosystem. Therefore, we have dedicated this job posting to individuals coming from the following communities: Refugee, Neurodivergent, Single Parent, Blind or Low Vision, Ethnic Minority, and the Previously Incarcerated. If you identify with any of these communities, do not hesitate to register, even if you feel that this particular opportunity is not the right fit for you.
Company Name: Booking
Job Description
We are looking for a Security Engineer - Detection & Response to join our team at our Amsterdam headquarters.
The role of Security Engineer - Detection & Response is to build, maintain and continuously improve the efficiency and coverage of the Cyber Detection & Response (CDR) capabilities.
The first focus of this role is implementing detection use cases in priority order (obtaining the required observability, pipelines, correlation, enrichment and automation, and building the underlying integrations and solutions this requires) and making them available to Security Monitoring and Incident Response.
The second focus is using the engineering toolbox to closely support the CSIRT/SOC teams' needs for automation and response orchestration tooling.
B.Responsible
[System Engineering]
- Uses highly specialized domain knowledge, software development knowledge and analytical skills to define the requirements and technical designs of the CDR software systems and applications, and to implement them.
- Performs the testing and required modification of the CDR software systems and applications.
[Detection Engineering]
- Implements cyber threat detection use cases in priority order.
- Responsible for researching and defining the technical methods used to implement the detection use cases hands-on.
- Puts in place the required observability, pipelines, correlation rules, enrichment and automation, and builds the underlying integrations and solutions this requires.
- Uses stakeholder management and communication skills to illustrate the business impact of technical requirements and to navigate upstream teams and the stakeholder landscape so that dependencies get implemented.
- Constantly optimizes alert precision and proactively looks for further optimization opportunities.
- Constantly assures the availability and reliability of the detection use case alerts consumed by the Security Monitoring and Incident Response services.
[Ongoing Testing, Maintenance & SecDevOps]
- Responsible for constantly and proactively testing, maintaining, improving, tuning and fixing all detection use cases, alerting rules, integrations, automation, orchestrated playbooks, enrichments and SOAR applications.
- Responsible for ensuring the SOC/CSIRT pipeline keeps running and for urgently fixing any problems with it.
- Responsible for the technical availability, effectiveness, quality and resilience of all tooling, technology and detection engineering used by the booking.com SOC/CSIRT teams.
[Engineering the Security Monitoring and Incident Response]
- Proactively identifies opportunities and implements engineering solutions to achieve efficiency gains in Security Monitoring and IR, for example: automating manual IR activities, creating response orchestration playbooks, creating and maintaining integrations, tuning alerts and systems, automatic field enrichment, etc.
[Supports and delivers CDR services]
- Responsible for implementing CDR engineering backlog items set by CDR product management.
- Acts as Subject Matter Expert (SME) for all aspects of detection and response, SIEM, SOC and SOAR technology and processes.
- Participates in security assurance assessments such as Purple Team, Red Team and attack path mapping exercises.
- Supports compliance and maturity assessments (such as NIST, PCI, SOX) by providing answers with evidence and creating documentation for that purpose where needed.
- Supports IR teams as SME when needed.
- Understands the world of threats, hacking and attacker methodologies.
- Writes code and builds scripts.
- Responsible for documenting any work related to detection & response engineering.
B.skilled
- Has practical experience and expert knowledge (technical and procedural) in cyber threat detection and incident response, SIEM and SOAR.
- Has experience and practical knowledge of modern attacker methodologies and of identifying adversary tactics, techniques and procedures using enterprise security tools.
- Understanding of security control frameworks such as MITRE ATT&CK, NIST CSF, PCI DSS, SOX, GDPR, ISO 2700X, etc.
- Scripting and automation experience (Python, Bash, Git, CI/CD, Puppet/Ansible).
- Experience with Elasticsearch/Kibana and knowledge of Query DSL and EQL.
- SecDevOps experience.
- Has knowledge and practical experience with modern compute platforms such as cloud and containers.
- Robust understanding of IT fundamentals across networking, systems, cloud, virtualization platforms and application layers, and advanced understanding of at least one operating system (Windows, Linux, macOS).
- Holds a "can-do", delivery-focused and solution-oriented approach; is flexible, practical and proactive, with a positive mindset; is quick to adapt to changing situations.
B.offered
- Living and working in Amsterdam, one of the most cosmopolitan cities in Europe;
- Contributing to a high-scale, complex, world-renowned product and seeing the real-time impact of your work on millions of travellers worldwide;
- Working in a fast-paced and performance-driven culture;
- Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit;
- Promoting and driving impactful and innovative engineering solutions;
- Technical, behavioural and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation;
- Competitive compensation and benefits package, and some great added perks of working in the home city of Booking.com.
Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening:
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.