Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania, and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.
The Senior Penetration Tester defines and leads the execution of highly technical and specialized engagements and designs new testing techniques based on the evolution of industry best practices over time. They both perform hands-on technical testing without requiring supervision and coordinate teams of testers to ensure that the engagement objectives are met. They strengthen the security posture of Booking Holdings brands by proactively identifying vulnerabilities and security control gaps in our systems and applications.
The Senior Penetration Tester provides critical input to the group's brands in developing the security assurance strategic plan, drawing on subject matter expertise to increase the impact and value added through this area of focus. The Senior Penetration Tester also helps further grow the security assurance area by mentoring other team members and members of other technical non-pentester communities within the Booking Holdings group. The Senior Penetration Tester has strong stakeholder management skills that enable effective communication of technical information to multi-level (up to CISO/CSO level), technical and non-technical audiences within the broader Booking Holdings organization.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Plan and organize any externally and internally performed security assurance activities
Coordinate security assurance engagements executed by external testers
Execute security assurance engagement testing
Document and formally report the outcomes of the security assurance activities both to a technical and non-technical audience
Align with Booking Holdings on the overall security assurance landscape for the Group
Coordinate and support the contractual relationship and alignment with external security assurance vendors
Align business testing needs with timely and relevant threat information and verify the organization’s security posture against them
Perform other duties as assigned
Research and innovate: regularly research and learn new TTPs, and apply this knowledge to update testing methodology and tools
Understand breach and attack simulation solutions, working with them to automate control validation and effectiveness
Liaise with security teams to mature prevention, detection, and response capabilities
Mentor and support junior teammates
Role Qualifications and Requirements
5+ years of experience in information security
5+ years of relevant hands-on experience in security assurance testing and engagement management
Expertise in at least one of the following areas: (Web) application security, infrastructure security, mobile security
Excellence in communicating business risk and remediation requirements from assessments
Excellent stakeholder management skills
Proficiency in scripting languages such as Python, PowerShell, Bash, and Ruby, and the ability to create scripts that automate security testing processes, enhance efficiency, and uncover vulnerabilities
Competent with testing frameworks and tools
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC)
Analytical and problem-solving mindset
Highly organized and efficient
Experience in offensive tactics
Software development experience
One or more of the following certifications: OSCP, OSCE, GPEN, GWAPT, CEH, CISSP or a similar recognized certification in your domain of expertise
Benefits & Perks
Contributing to a high-scale, complex, world-renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance-driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.