Romania - Senior Penetration Tester

Role Description:

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: , Priceline, Agoda, KAYAK and OpenTable.

The Senior Penetration Tester defines and leads the execution of highly technical and specialized engagements and designs new techniques of testing based on the evolution of industry best practices over time. They are both performing hands-on technical testing without requiring supervision and are coordinating teams of testers to ensure that the engagement objectives are met. They strengthen Booking Holdings brands security posture by proactively identifying vulnerabilities and security control gaps in our systems and applications.

The Senior Penetration Tester provides critical input to the group's brands with the development of the security assurance strategic plan based on subject matter expertise to increase the impact and value added through this area of focus. The Senior Penetration Tester also helps further grow the security assurance area by mentoring other team members and members of other technical non-pentester communities within the Booking Holdings group. The Senior Penetration Tester has strong stakeholder management skills that enable effective communication of technical information to multi-level (up to CISO/CSO level), technical and non-technical audiences within the broader Booking Holdings organization.

This role provides a hybrid way of working with an onsite presence of 2 days/week.

Key Job Responsibilities and Duties

• Plan and organize any externally and internally performed security assurance activities
• Coordinate security assurance engagements executed by external testers
• Execute security assurance engagement testing
• Document and formally report the outcomes of the security assurance activities both to a technical and non-technical audience
• Align with Booking Holdings on the overall security assurance landscape for the Group
• Coordinate and support the contractual relationship and alignment with external security assurance vendors
• Align business testing needs with timely and relevant threat information and verify the organization's security posture against them
• Perform other duties as assigned
• Research and innovate, regularly research and learn new TTPs, and apply this knowledge to update testing methodology and tools.
• Understand breach and attack simulation solutions, working with them to automate control validation and effectiveness.
• Liaise with security teams to mature prevention, detection, and response capabilities
• Mentor and support junior teammates

Role Qualifications and Requirements

• 5+ years of experience in information security
• 5+ years of relevant hands-on experience in security assurance testing and engagement management
• Expertise in at least one of the following areas: (Web) application security, infrastructure security, mobile security
• Excellence in communicating business risk and remediation requirements from assessments
• Excellent stakeholder management skills
• Proficient in scripting languages such as Python, PowerShell, Bash, and Ruby and be able to create scripts that automate security testing processes, enhance efficiency, and uncover vulnerabilities.
• Competent with testing frameworks and tools
• Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
• Analytical and problem-solving mindset.
• Highly organized and efficient
• Experience in offensive tactics
• Software development experience
• One or more of the following certifications: OSCP, OSCE, GPEN, GWAPT, CEH, CISSP or a similar recognized certification in your domain of expertise

Benefits & Perks

• Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced and performance driven culture
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
• Competitive compensation and benefits package
• Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.