Hybrid Security Engineer bei Booking Holdings

Security Engineer - II,  FinTech Foundations

Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands - Booking.com, KAYAK, Priceline, Agoda.com, Rentalcars.com, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world. During 2019, the Company had consolidated revenues and net income of $15.1 billion and $4.9 billion, respectively, and a current market value of approximately $90 billion.

Booking Holdings Bangalore is a Center of Excellence based in Bangalore, India and a legal entity of Booking Holdings Inc. The Center was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of the Booking Holdings brands and business units.

Job Description

FinTech is an ever-changing, complex and extremely exciting industry. To accomplish Booking.com’s mission, we need to offer a frictionless payment experience to our guests and partners. The FinTech business unit is in charge of creating best in class payment experiences for bookers and merchants, and helps internal clients grow their businesses.

As a founding Security Engineer II within the FinTech Foundations team, you will play a pivotal role in bolstering  our security and compliance posture and ensuring the safety of our digital assets by adopting and enhancing security and compliance practices, proactively identifying and mitigating risks associated with FinCrime within the fast-paced FinTech environment.

Key Responsibilities

• Provide guidance and documentation related to addressing FinCrime, propagate the guidance to the SDLC of FinTech Engineering teams. 

• Review of design, configuration and code of FinTech applications for possible FinCrime vectors.

• Surface new opportunities to increase ability to identify threats and respond effectively. Perform Threat Modeling of FinTech business flows.

• Support Risk and Controls team in risk assessment of ongoing initiatives.

• Design and implementation of FinCrimes controls.

• Collaborate with cross-functional teams to proactively detect and respond to potential FinCrime threats.

• Collaborate with foundational security teams to leverage their capabilities and knowledge to address and resolve security challenges within the FinTech domain.

• Serve as a subject matter expert (SME) during incident management, providing technical guidance and leadership to resolve complex FinCrime issues.

• Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities and attack vectors while effectively communicating security findings to stakeholders.

• Continuously evaluate and integrate emerging security technologies and best practices relevant to the FinTech domain. 

What We're Looking For

• Bachelor's degree in Computer Science Engineering, Information Security or related field.

• 4 to 6 years of hands-on experience in application security, penetration testing, or a related field, with a proven track record of identifying and mitigating security vulnerabilities.

• Demonstrated experience in conducting threat modeling, security reviews, and risk assessments.

• Proficiency in performing vulnerability assessments of web applications, APIs, and cloud infrastructure (AWS preferred).

• Experience integrating security into the SDLC and utilizing DevSecOps tools.

• Strong understanding of security best practices and industry standards (eg OWASP Top 10, NIST guidelines).

• Excellent communication and stakeholder management skills, with the ability to clearly articulate security risks and recommendations.

• Solid understanding and practical experience in securing AWS environments.

• Proficient in leveraging programming for vulnerability analysis, POC development, security automation and effective vulnerability mitigation.

Nice to Have

• Familiarity with regulatory requirements such as SOX (Sarbanes-Oxley Act), GDPR, PCI-DSS,  ISO 27001..

• Certifications such as CISSP, CEH, and AWS Certified Security - Specialty.

• A bug bounty profile or a Git repository showcasing your work.

• Experience with FinTech or financial services industry.

Benefits

• An opportunity to establish the security craft and make a significant impact in the FinTech industry.

• Be part of a truly international fast-paced environment and performance-driven culture.

• Collaborative and supportive work environment with opportunities for professional growth and development.

• Competitive compensation and benefits package 

• Hybrid working environment.

• Provide guidance and documentation related to addressing FinCrime, propagate the guidance to the SDLC of FinTech Engineering teams. 

• Review of design, configuration and code of FinTech applications for possible FinCrime vectors.

• Surface new opportunities to increase ability to identify threats and respond effectively. Perform Threat Modeling of FinTech business flows.

• Support Risk and Controls team in risk assessment of ongoing initiatives.

• Design and implementation of FinCrimes controls.

• Collaborate with cross-functional teams to proactively detect and respond to potential FinCrime threats.

• Collaborate with foundational security teams to leverage their capabilities and knowledge to address and resolve security challenges within the FinTech domain.

• Serve as a subject matter expert (SME) during incident management, providing technical guidance and leadership to resolve complex FinCrime issues.

• Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities and attack vectors while effectively communicating security findings to stakeholders.