22 Apr 2026

Security Engineer II

Booking.com

Amsterdam

22 Apr 2026

Apply

Security Engineer II role at Booking.com in Amsterdam, focusing on application security including WAF management, bot mitigation, and incident response. Requires 3+ years of experience in application security, proficiency in Python, and deep understanding of HTTP/S internals and OWASP Top 10.

HybridFull-timeMid LevelPythonHTTP/S

Security Engineer II

Apply

HybridFull-timeMid LevelPython

Salary

Not specified

Work Location

Amsterdam, North Holland, Netherlands, NL

Work Model

Hybrid

Experience Required

3 years

Employment Type

Full-time

Experience Level

3+ years of experience in application security or information security roles

Core Qualifications

Technical (Must-have)

PythonHTTP/SOWASP Top 10WAFDevSecOpsCI/CDAWSAzureGCPAPI security

Soft Skills

analytical skillsproblem-solving skillsownership mindsetcommunication skillsintellectual curiosity

Tools (Must-have)

SIEM toolssecurity monitoring solutions

Preferred Qualifications

Technical (Nice-to-have)

AWS WAFAWS Bot Controlcloud securitymicroservices architecturesthreat modellingrisk assessmentPCI DSSGDPRmachine learningAI

Key Responsibilities

•Implement, configure, and manage our Web Application Firewall (WAF) infrastructure to protect web applications from common security threats
•Develop and maintain bot detection systems to identify and mitigate automated threats and malicious bot activity
•Participate in incident response for application security events, supporting investigation, containment, and remediation
•Contribute to security policies aligned with organisational requirements and industry best practices
•Conduct regular audits and testing of WAF and bot detection rules to ensure effectiveness and minimise false positives
•Collaborate with development teams to implement secure coding practices and review application architectures for security considerations
•Build and maintain internal tooling and automation to scale security operations and reduce manual toil in detection and response workflows
•Develop and maintain documentation for security controls, configurations, and incident response procedures
•Stay current with the emerging threat landscape and proactively contribute to improving our security controls

Security EngineerApplication SecurityWAFBot MitigationIncident ResponsePythonDevSecOpsCloud SecurityAmsterdamHybrid

Key Responsibilities

•Implement, configure, and manage our Web Application Firewall (WAF) infrastructure to protect web applications from common security threats

•Develop and maintain bot detection systems to identify and mitigate automated threats and malicious bot activity

•Participate in incident response for application security events, supporting investigation, containment, and remediation

•Contribute to security policies aligned with organisational requirements and industry best practices

•Conduct regular audits and testing of WAF and bot detection rules to ensure effectiveness and minimise false positives

•Collaborate with development teams to implement secure coding practices and review application architectures for security considerations

•Build and maintain internal tooling and automation to scale security operations and reduce manual toil in detection and response workflows

•Develop and maintain documentation for security controls, configurations, and incident response procedures

•Stay current with the emerging threat landscape and proactively contribute to improving our security controls