Cyber Security Incident and Response Analyst
The Booking Holdings Cyber Detection & Response Group (“CDR”) provides top-of-the-line cyber defense services and capabilities across the Booking Holdings group.
In the Cyber Detection & Response group we use the best tooling and most advanced technologies, hire top talent and are always up to date with the most innovative methodologies for cyber defense.
We believe that the passion and talent of our people is our strength – it is what drives us towards outstanding performance. We offer a dynamic, motivating and sophisticated work environment. We are eager to provide everyone the opportunity to learn, and develop skills in a truly world leading security practice. Our culture is open, innovative and performance orientated.
This role is hired in Booking Holdings Romania, a Center of Excellence based in Bucharest created to extend and scale up specialized and highly skilled talent. Working with us, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.
The L1 Cyber Security Incident Response Team (L1 CSIRT / SOC) is our front line of cyber defense, detecting and responding to cyber attacks in real time, using state-of-the-art technology, processes and procedures.
Responsibilities
- Responsible for triaging and investigating cybersecurity alerts raised by a wide variety of security tools such as SOAR, EDR, XDR, SIEM, Sandbox, Cloud Security and Email Security
- Perform analysis on potentially malicious emails and phishing attempts raised by the email security solution or reported by employees
- Report to the L1/L2 Cyber Detection & Response CSIRT Lead and work on a 24/7 shift structure (night and weekend shifts as well)
- Collaborate with other CDR stakeholders during the 6 phases of a cybersecurity incident: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned
- Reach out to users or stakeholders to obtain additional information that can help in the assessment of the impact of an incident
- Escalate to a higher tier when needed or based on playbooks & SOPs
- Perform IOC sweeps and threat hunting
- Improve and maintain playbooks, SOPs and other CSIRT documentation
- Provide guidance and assistance to new analysts
- Contribute to CSIRT efficiency by identifying new opportunities for detection fine-tuning, automations, enrichments and playbook improvements
- 1+ years of operational security experience in a 24x7 SOC environment
- Bachelor’s Degree in Engineering OR equivalent experience and relevant certification (such as CompTIA Security+, Network+, CySA+, CCNA, CCNA CyberOps, GCIH, GCIA and similar)
- Experience working independently to detect, handle, investigate and effectively respond to cybersecurity alerts by following IR playbooks and procedures
- Previous experience investigating phishing and malware cases
- Ability to assess security alerts quickly and increase or decrease the severity based on the outcome of the initial investigation
- Hands-on experience with enterprise security tools
- Experience in working closely with playbooks, SOPs and other technical documentation
- Robust understanding of IT fundamentals and general cybersecurity concepts
- Excellent interpersonal and communication skills
- Willingness to work in a 24/7 shift structure
- Highly disciplined and motivated: a self-starter who is able to work both independently and as a member of the team
- Demonstrates a can-do, delivery-focused and solution-oriented approach (rather than problem-oriented); has a flexible, practical and positive mindset and is quick to adapt to changing situations
- Constantly demonstrates ownership and proactiveness in seeking to improve and optimize anything related to their own and their team’s work
- Contributing to a high-scale, complex, world-renowned company and seeing the real-time impact of your work on millions of travelers worldwide
- Working in a fast-paced and performance-driven culture
- Competitive compensation and benefits package and some great added perks of working at Booking
- Cybersecurity training and access to top-of-the-line security tools
- Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.