OpenTable is the largest diner and restaurant network in the world. Our mission is to help experience the world through dining, and we think that is delicious! We are seeking a Senior Application Security Engineer to join OpenTable’s team in Bucharest.
OpenTable is seeking a highly talented and motivated application security engineer to drive initiatives that protect the security of our customers. This is a high impact role, offering the opportunity to work with the latest technologies in an environment that encourages original thinking and new approaches. You will be responsible for the security of our customer’s data, restaurant’s systems and our employee’s interactions with our infrastructure. The ideal candidate will share our passion for engineering while maintaining the integrity and security of our data.
The senior application security engineer is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer addresses legacy and emerging security issues, and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused.
This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors, application development. Considered a highly knowledgeable individual, the application security engineer is expected to recommend programmatic controls, and monitor and manage secure development practices to address modern day issues.
- Help the organization evolve its application security functions and services
- Threat modeling, design reviews and consulting for teams throughout the company
- Work with the product team to drive business enablement through requirements gathering and risk analysis
- Perform validation of security controls to insure adherence with compliance and industry best practices
- Translate vulnerability analysis results into actionable remediation and mitigation steps
- Collaborate with Offensive Security and Threat Intelligence teams to identify novel vulnerabilities
- Build tools to simplify and automate Application Vulnerability Management processes
- Take a leadership role in working across the company on security projects
- Assess and implement vendor security solutions that support our mission, application development
- 5-7 years of combined Information Security or Information Technology Experience
- B.S. or M.S. Computer Science or a related field, or equivalent experience
- You have a breadth of knowledge and experience in application, infrastructure and systems security domains
- You are a fast learner and have experience partnering with cross-functional teams
- You have experience managing a bug bounty program, including triaging and providing strategic recommendations to engineering leads
- Technical certifications within information security are a plus (CISSP, CCSP, OSCP, eLearnSecurity or equivalents)
- Hacker mindset, passion for security always strive to think like an attacker
- Professional development experience
- Excellent written and oral communication skills
- Vulnerability and penetration-testing skills
- Excellence in communicating business risk from cybersecurity issues
- Proficiency in software development (Java, JS, Go, Python, C++, Ruby, etc.)
- Solid understanding of network and web protocols
- Experience with security of intra-company and third-party APIs
- Experience with dynamic and static analysis tools
- Operate with a high level of independence with the ability to act as a mentor to junior Cybersecurity Engineers
- Strong communication skills are required as well as the ability to work both independently and with a team
Candidate Bonus Points for the Following:
- Experience with applied cryptography including PKI, SSL, and key management
- Experience with access and identity management
- Experience with SIEM and log management
- Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
- Working in a fast-paced and performance driven culture
- Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
- Competitive compensation and benefits package
- Vast amounts of data to validate your ideas and the opportunity to experiment with real users.
Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
About Booking Holdings Romania:
Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.
Sponsors & Partners
They help us make this conference possible.
Orange Romania is the leader of the local telecom market and part of the Orange Group, one of the largest global telecommunications operators, connecting hundreds of millions of customers worldwide. With over 11 million customers and an annual turnover exceeding 1.5 billion euros, Orange Romania connects 1 in 2 Romanians and offers an extensive range of communication solutions to its customers, both individual users and companies, from basic services up to complete voice services, fixed and mobile data, TV services or smart home services, but also mobile financial services. Orange is also a leader in innovation investing yearly over 200 million euros in network infrastructure and R&D initiatives in Romania. In the past 3 years Orange has launched two 5G Labs in Bucharest and Iasi, that aim to support researchers, startups and companies to test their 5G solutions in advance. In addition, Orange is a long-term supporter of the startup ecosystem through the Orange Fab accelerator program designed to support entrepreneurs in the development of innovative products and their distribution locally and internationally.
Orange Services was created in 2013 and is a 100% owned subsidiary of Orange Group. As a technology services company, our DNA is in IT, but our teams also work in other domains including mobile networks and a number of commercial and business functions. Orange Services is one of the largest technology hubs in the Orange Group, working internationally for both Orange corporate functions and country operations. Through a unique combination of cutting edge know-how and expertise, our teams provide a broad range of services: development and supervision of IT services in domains such as Big Data, Cloud, M2M, IoT, TV, Connected Objects; design and development of IT infrastructure and desktop solutions; testing & planning for mobile networks; implementation of supply chain solutions and also improvement of commercial & business performance including BI, CRM, Analytics, Digital learning and Customer Care. Visit us on LinkedIn.