Security Engineer - Detection & Response

Amsterdam, Netherlands


Company Description

Jobs for Humanity is dedicated to building an inclusive and just employment ecosystem. Therefore, we have dedicated this job posting to individuals coming from the following communities: Refugee, Neurodivergent, Single Parent, Blind or Low Vision, Ethnic Minority, and the Previously Incarcerated. If you identify with any of the following communities do not hesitate to register, even if you feel that this particular opportunity is not the right fit for you.

Company Name: Booking

Job Description

We are looking for a Security Engineer - Detection & Response to join our team at our Amsterdam headquarters.

The role of Security Engineer - Detection & Response is to build, maintain and constantly improve the efficiency and coverage of the Cyber Detection & Response capabilities.

This role would focus on implementing the detection use cases based on their priority (getting the required observability, pipelines, correlation, enrichment and automation in place, and building the underlying integrations and solutions this requires) and making them available to Security Monitoring and Incident Response.

The second focus would be to use the engineering toolbox to closely support any need of the CSIRT/SOC teams in automation and response orchestration tools.


B.Responsible

[System Engineering]

  • Uses highly specialized domain knowledge, software development knowledge and analytical skills in order to define the requirements and the technical designs, and to implement the CDR software systems and applications.
  • Performs the testing and the required modification of the CDR software systems and applications.

[Detection Engineering]

  • Implements cyber threat detection use cases based on their priority.
  • Responsible for researching and defining the technical methods used to implement the detection use cases hands-on.
  • Puts in place the required observability, pipelines, correlation rules, enrichment and automation, and builds the underlying integrations and solutions this requires.
  • Uses stakeholder management and communication skills to illustrate the business impact of technical requirements and to navigate upstream teams and stakeholder landscapes to get the dependencies implemented.
  • Constantly optimizes alert precision and proactively seeks further optimization.
  • Constantly assures the availability and reliability of the detection use case alerts for the Security Monitoring and Incident Response services.

[Ongoing Testing, Maintenance & SecDevOps]

  • Responsible for constantly and proactively testing, maintaining, improving, tuning and fixing any: detection use cases, alerting rules, integrations, automation, orchestrated playbooks, enrichments, SOAR applications.
  • Responsible for assuring the SOC/CSIRT pipeline and urgently fixing any problems with it.
  • Responsible for the technical availability, effectiveness, quality and resilience of all the tooling, technology and detection engineering used by the booking.com SOC/CSIRT teams.

[Engineering the Security Monitoring and Incident Response]

  • Proactively seeks to identify opportunities and implements engineering solutions to achieve efficiency gains in Security Monitoring and IR, for example: automation of manual IR activities, creating response orchestration playbooks, creating and maintaining integrations, alert and system tuning, automatic field enrichment, etc.

[Supports and delivers CDR services]

  • Responsible for implementing CDR engineering backlog items set by CDR product management.
  • Acts as Subject Matter Expert (SME) for all aspects of detection and response, SIEM, SOC, SOAR technology and processes.
  • Participates in different security assurance assessments such as Purple Team, Red Team, attack path mapping, etc.
  • Supports any compliance and maturity assessment (such as NIST, PCI, SoX) - provides answers with evidence and creates documentation for that purpose if needed.
  • Supports IR teams as SME when needed.
  • Understands the world of threats, hacking and attacker methodologies.
  • Codes and builds scripts.
  • Responsible for documenting any work related to detection & response engineering.


B.skilled

  • Has practical experience and expert knowledge (technical and procedural) in cyber threat detection & incident response, SIEM / SOAR.
  • Has experience and practical knowledge of modern attacker methodologies and of identifying adversary techniques, tactics and procedures using enterprise security tools.
  • Understanding of security control frameworks like MITRE ATT&CK, NIST CSF, PCI DSS, SoX, GDPR, ISO 2700X, etc.
  • Scripting and automation experience (including Python, Bash, Git, CI/CD, Puppet/Ansible).
  • Experience with Elasticsearch/Kibana and knowledge of Query DSL and EQL.
  • SecDevOps experience.
  • Has knowledge and practical experience with modern compute platforms such as cloud and containers.
  • Robust understanding of IT fundamentals across networking, system, cloud, virtualization platforms and application layers, and advanced understanding of at least one operating system (Windows, Linux, OSX).
  • Holds a 'Can-Do', delivery-focused and solution-oriented approach; is flexible, practical and proactive, and holds a positive mindset; is quick to adapt to changing situations.


B.offered

  • Living and working in Amsterdam, one of the most cosmopolitan cities in Europe;
  • Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travellers worldwide;
  • Working in a fast-paced and performance driven culture;
  • Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit;
  • Promote and drive impactful and innovative engineering solutions;
  • Technical, behavioural and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation;
  • Competitive compensation and benefits package and some great added perks of working in the home city of Booking.com.

Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening:

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.


Tags: Ansible Automation Bash CI/CD Cloud Compliance CSIRT Elasticsearch GDPR Incident response Linux MITRE ATT&CK Monitoring NIST PCI DSS Puppet Python Red team Scripting SIEM SOAR SOC Threat detection Windows

Perks/benefits: Competitive pay Conferences Flex hours Team events

Region: Europe
Country: Netherlands