Security Engineer - Data Detection & Response
Added: Today
BOOKING HOLDINGS ROMANIA S.R.L.
The Security Engineer for Data Detection & Response is a hybrid role designed to bridge the gap between Data Security Operations (DSO) and Cyber Detection & Response (CDR). This role is responsible for the engineering, maintenance, and constant optimization of the CASB and DLP ecosystem, specifically tuned for high-fidelity detection and automated incident response. They will contribute to building, maintaining, and operating Data Detection & Response services with reliability, automation, and measurable outcomes.
They will be a technical specialist who ensures that "Data Protection" isn't just a compliance checkbox but a functional, automated component of our 24/7 SOC operation.
The ideal candidate combines strong technical security knowledge with excellent communication skills to effectively partner with cross-functional teams in Booking Holdings' dynamic, global environment. This position offers the opportunity to make a significant impact on the security posture of all brands in the Booking Holdings portfolio.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Platform Engineering & Operational Integration
- Infrastructure Management: Owns the end-to-end technical lifecycle, deployment, and optimization of enterprise Data Security platforms (specifically CASB/DLP) across multi-cloud and enterprise environments.
- System Reliability: Applies SRE (Site Reliability Engineering) practices to ensure the continuous availability and performance of security telemetry pipelines and detection engines.
- Engineering for Scale: Implements "Security as Code" using Terraform, Puppet, and Git to automate the deployment of data protection policies across all Booking Holdings brands.
Detection Engineering & Performance Optimization
- Use Case Development: Designs and implements high-fidelity detection logic by correlating data security telemetry with wider security datasets (SIEM/XDR) to identify advanced threat actor TTPs.
- Operational Efficiency: Responsible for the continuous tuning and optimization of alert precision to reduce false-positive rates, directly improving the "Signal-to-Noise" ratio for the 24/7 Security Operations Center (SOC).
- Telemetry Enrichment: Engineers data pipelines to ensure all security events are enriched with relevant context (Identity, Asset, Geolocation) before reaching incident response teams.
Incident Response & Automation
- Orchestration Development: Develops and maintains Python-based automation playbooks within the SOAR platform to execute real-time, automated containment actions (e.g., automated session revocation).
- Systems & Reliability: Acts as the technical escalation point for the Cyber Defense & Response team during critical systemic bottlenecks, large-scale alert floods, and platform outages, and participates in a shared 24/7 on-call rotation to ensure continuous operational resilience.
- Process Improvement: Continuously identifies manual gaps in the Incident Response lifecycle and implements engineering solutions to reduce Mean Time to Remediate (MTTR).
Stakeholder Management & Compliance
- Technical Liaison: Collaborates with Product and Infrastructure teams across various brands to integrate security controls into their workflows without impacting business velocity.
- Audit & Assurance: Provides technical evidence and documentation for regulatory requirements (PCI-DSS, GDPR, SOX) to ensure that engineering controls remain compliant and effective.
- Documentation: Maintains rigorous technical documentation of all detection logic, automation scripts, and platform architectures to ensure team-wide knowledge transfer.
Benefits:
- Health insurance
- Prepaid medical subscription (Regina Maria)
- Life insurance
- Meal vouchers
- Learning wallet
- Travel benefit
- Annual vacation leave of 25 business days, pro rata with the working period
- Birthday day off
- Summer break (short Fridays during summer)
- Work from Abroad program (up to 20 days/year in EU)
- Floating days off
- 2 volunteer days/year
- Home office one-time bonus
- Bookster
- LinkedIn Learning platform
- Headspace
- Employee discounts (travel, gym, dental, vision)