Senior Application Security Engineer at Booking Holdings Romania (DC-0037)

OpenTable is the largest diner and restaurant network in the world. Our mission is to help experience the world through dining, and we think that is delicious! We are seeking a Senior Application Security Engineer to join OpenTable’s team in Bucharest.

OpenTable is seeking a highly talented and motivated application security engineer to drive initiatives that protect the security of our customers. This is a high impact role, offering the opportunity to work with the latest technologies in an environment that encourages original thinking and new approaches. You will be responsible for the security of our customer’s data, restaurant’s systems and our employee’s interactions with our infrastructure. The ideal candidate will share our passion for engineering while maintaining the integrity and security of our data.

The senior application security engineer is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer addresses legacy and emerging security issues, and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused. 

This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors, application development. Considered a highly knowledgeable individual, the application security engineer is expected to recommend programmatic controls, and monitor and manage secure development practices to address modern day issues. 

Role Responsibilities

    • Help the organization evolve its application security functions and services
    • Threat modeling, design reviews and consulting for teams throughout the company
    • Work with the product team to drive business enablement through requirements gathering and risk analysis
    • Perform validation of security controls to insure adherence with compliance and industry best practices
    • Translate vulnerability analysis results into actionable remediation and mitigation steps
    • Collaborate with Offensive Security and Threat Intelligence teams to identify novel vulnerabilities
    • Build tools to simplify and automate Application Vulnerability Management processes
    • Take a leadership role in working across the company on security projects
    • Assess and implement vendor security solutions that support our mission, application development


    • 5-7 years of combined Information Security or Information Technology Experience
    • B.S. or M.S. Computer Science or a related field, or equivalent experience
    • You have a breadth of knowledge and experience in application, infrastructure and systems security domains
    • You are a fast learner and have experience partnering with cross-functional teams
    • You have experience managing a bug bounty program, including triaging and providing strategic recommendations to engineering leads
    • Technical certifications within information security are a plus (CISSP, CCSP, OSCP, eLearnSecurity or equivalents)
    • Hacker mindset, passion for security always strive to think like an attacker
    • Professional development experience
    • Excellent written and oral communication skills
    • Vulnerability and penetration-testing skills
    • Excellence in communicating business risk from cybersecurity issues
    • Proficiency in software development (Java, JS, Go, Python, C++, Ruby, etc.)
    • Solid understanding of network and web protocols
    • Experience with security of intra-company and third-party APIs
    • Experience with dynamic and static analysis tools
    • Operate with a high level of independence with the ability to act as a mentor to junior Cybersecurity Engineers
    • Strong communication skills are required as well as the ability to work both independently and with a team

    Candidate Bonus Points for the Following:

    • Experience with applied cryptography including PKI, SSL, and key management
    • Experience with access and identity management
    • Experience with SIEM and log management

    Benefits package:

    • Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
    • Working in a fast-paced and performance driven culture
    • Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
    • Competitive compensation and benefits package 
    • Vast amounts of data to validate your ideas and the opportunity to experiment with real users.

    Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

    About Booking Holdings Romania:

    Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

    As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

    Sponsors & Partners

    They help us make this conference possible.


    At Orange Business Services, we help our customers transform their industries, reimagine their services, create a positive impact and unleash the power of their data into an amazing and trusted resource.

    With the dual expertise as a global operator coupled with the agility of an end-to-end integrator, Orange Business Services is a global network-native, digital services company. From connectivity, smart mobility services and the cloud to artificial intelligence (AI), analytics and cybersecurity, Orange Business Services helps businesses at every stage of their data management. Orange Business Services is represented in Romania by the business division of Orange Romania and helps large companies, SMEs and public authorities to transform their organizations through the use of technology and digital information.


    Platinum Partners

    Gold Partners

    pentest tools defcamp

    defcamp 2022 booking holdings

    Silver Partners

    siemens defcamp 2022

    huawei defcamp 2022

    Bronze Partner

    zitec defcamp