Romania - Cyber Defense Service Monitoring Specialist, Enterprise Security

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: , Priceline, Agoda, KAYAK and OpenTable.

Role description

The Cyber Defense Service Monitoring Specialist is an internal technical role within – Enterprise Security – Cyber Defense & Response.

This position is responsible for oversight and technical validation of security services delivered by BKNG Shared Cybersecurity Services, ensuring they meet 's operational, technical, and quality standards.

The specialist acts as a technical liaison, metrics analyst, and process improvement lead, monitoring BKNG Shared Cybersecurity Services activities, reviewing SOPs, driving tuning and automation, and collaborating with internal engineering and incident response teams to continuously enhance 's security operations.

This role provides a hybrid way of working with an onsite presence of 2 days/week.

Key Job Responsibilities and Duties

Monitoring & Technical Review: 

Monitor and validate alerts, escalations, investigations and operational activities from BKNG Shared Cybersecurity Provider to ensure accuracy, completeness, and adherence to standards.

Monitor alert categorization, incident handling, and workflows to ensure alignment with policies and technical requirements.

Review and improve both BKNG Shared Cybersecurity Services and internal SOPs, identifying gaps and recommending enhancements for operational effectiveness.

Metrics, Analysis & Trend Identification:

Track and analyze key operational metrics (SLA adherence, MTTA, MTTR, alert volumes, FP/TP rates, ingestion/detectors anomalies, alert trends, etc) across all BKNG Shared Cybersecurity Services.

Identify trends, inefficiencies, or gaps, and propose actionable improvements to enhance detection, response, SOPs and overall SOC efficiency.

Tuning, Automation & Continuous Improvement:

Review BKNG Shared Cybersecurity Services proposals for detection rules, tuning, workflows, and automation; assess technical feasibility and impact for

Drive analysis and implementation process of approved proposals to optimize 's Security Operations.

Proactively identify and implement workflow, SOP, processes and automation improvements for both BKNG Shared Cybersecurity Services and internal processes to increase efficiency and service quality.

Collaboration, Technical Leadership & Knowledge Sharing:

Serve as the technical liaison for , representing the Enterprise Security organization in meetings and discussions with BKNG Shared Cybersecurity Services.

Collaborate with internal engineering, incident response, and other security teams to implement tuning, automation, tooling, SOP and workflow enhancements.

Act as a Subject Matter Expert, providing guidance and knowledge transfer to both internal teams and BKNG Shared Cybersecurity Services on 's environment, tools, processes, and requirements.

Ensure alignment between internal teams and BKNG Shared Cybersecurity Services on technical, operational, and strategic objectives.

Project Ownership & Delivery:

Collaborate on various departmental projects that strengthen 's cybersecurity posture and support organizational objectives.

Ensure project outcomes are measurable, aligned with risk reduction goals, and effectively integrated into ongoing operations.

Role Qualifications and Requirements

Required:

3-5+ years in Cyber Defense, SOC Operations, Threat Detection, or Incident Response.

Strong technical knowledge of SOC workflows, alert triage, detection engineering, incident investigation, and multiple cybersecurity services.

Hands-on experience with SIEM/SOAR platforms, EDR solutions, Cloud Enviroments, alert tuning, workflow optimization, and SOP analysis.

Ability to analyze metrics, trends, and operational data to drive technical improvements.

Excellent communication skills for technical discussions with internal teams and BKNG Shared Cybersecurity Services.

Preferred:

Previous experience in shared-services or managed SOC environments.

Knowledge of automation and orchestration tools (SOAR).

Strong understanding of corporate, production, and cloud environments.

Relevant certifications, but not mandatory: GCIA, GCIH, GCFR, GCDA, or equivalent.

Benefits & Perks

Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide

Working in a fast-paced and performance driven culture

Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation

Competitive compensation and benefits package

Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.

---