Security Engineer | Booking.com Global Negotiation Guide

Negotiation DNA: Base + BKNG RSUs (4yr vest) + 15-20% Bonus | Travel & Hospitality Platform | Agentic AI Front Door | +35% AGENTIC PREMIUM | Revenue-Critical Guest Interactions

Region	Base Salary	Stock (BKNG RSU/4yr)	Bonus	Total Comp
Amsterdam	€85K–€118K	$68K–$115K	15–20%	€138K–€202K
New York	$162K–$222K	$95K–$150K	15–20%	$235K–$325K
London	£78K–£108K	$62K–$105K	15–20%	£128K–£185K

Negotiation DNA

Security Engineers at Booking.com — the world's largest online travel platform with 28M+ listings and $150B+ in annual gross bookings — protect the AI agent systems that handle sensitive guest data, payment transactions, and personal travel information across every autonomous booking conversation. As Booking.com transforms from search-based booking to AI agents that manage the entire guest journey, Security Engineers face entirely new threat vectors: prompt injection attacks that could manipulate booking recommendations, data exfiltration through conversational interfaces, and adversarial attacks on agent decision-making that could redirect revenue. Your security work directly protects revenue-critical guest interactions, and Booking Holdings (BKNG, ~$5,000/share) RSUs align your compensation with the platform's trustworthiness. The 35% Agentic Premium reflects that a single security failure in an AI agent conversation could compromise guest trust and booking revenue at massive scale. Amsterdam is the primary HQ. [Sources: Booking Holdings 2025 Annual Report; levels.fyi Booking.com Security data 2025-2026; Booking.com Engineering Blog — Security]

Level Mapping: Booking.com Security Engineer = Google Security Engineer L4/L5 = Expedia Security Engineer = Airbnb Security Engineer = Meta Security Engineer = Amazon Security Engineer

Agentic Front Door — From Search to Agents

Booking.com is replacing its search-based booking interface with AI agents — autonomous systems that handle the entire guest journey through conversation: understanding travel intent, recommending destinations and properties, comparing options, handling booking logistics, and providing in-trip support. This is the shift from 'Search' to 'Agents' — and it means every engineering role at Booking.com now touches revenue-critical guest interactions. "As a Security Engineer, you protect the AI agent systems that handle Booking.com's most sensitive guest interactions — conversations involving personal data, travel preferences, payment information, and booking decisions. The AI agent IS the booking interface — every agent interaction directly determines whether a guest books, and your security work determines whether those interactions are safe from manipulation, data theft, and adversarial attacks. Replacing search with agents means Booking.com's entire $150B+ gross booking volume flows through AI agent interactions that you secure. Candidates should argue: 'I secure the AI agents that handle revenue-critical guest interactions — every prompt injection I prevent, every data leak I block, directly protects millions of potential $500+ bookings and guest trust. The 35% Agentic Premium reflects that my security work directly protects Booking.com's revenue and reputation in the highest-stakes interaction layer.' Compare to: security engineers on search systems protect against traditional web attacks — agent security engineers defend against entirely new AI-specific threats like prompt injection, agent manipulation, and conversational data exfiltration during live transactions." Push for the full 35% Agentic Premium.

Global Levers

1. 35% Agentic Premium — Revenue-Critical Interactions: "I secure the AI agents that handle every revenue-critical guest interaction. AI agent security is a new discipline — prompt injection, agent manipulation, conversational data exfiltration — and a single vulnerability could compromise guest trust and booking revenue across the entire platform."
2. $150B+ Gross Bookings Through Agents: "My security work protects $150B+ in gross bookings flowing through AI agent interactions. A security breach in the agent layer doesn't just expose data — it could manipulate booking recommendations, redirect payments, or erode the trust that drives conversion."
3. 28M+ Listings — World's Largest Travel Platform: "I'm securing AI agent systems that interact with 28M+ property partners, handling sensitive pricing, availability, and guest data across 220+ countries with varying data protection regulations — from GDPR to local travel industry requirements."
4. AI-Specific Threat Landscape: "Securing AI agents requires entirely new security expertise — prompt injection defense, LLM output sanitization, agent behavior monitoring, and adversarial robustness testing. This specialized skillset is extremely scarce and commands a premium in the current market."

Negotiate Up Strategy: "I'm targeting €115K base and $108K RSUs over 4 years with the 35% Agentic Premium for this Security Engineer position. I secure the AI agents that handle revenue-critical guest interactions — protecting against AI-specific threats like prompt injection and agent manipulation across $150B+ in booking volume. I have competing offers from ING at €188K TC / ASML at €195K TC." Accept at €85K base and $68K RSUs.

Evidence & Sources

• [Booking.com Agentic AI Front Door — From Search to Agents 2026]
• [Booking.com $150B+ Gross Bookings — Revenue-Critical AI Interactions]
• [Booking Holdings BKNG — Travel Platform Scale]
• [levels.fyi Booking.com Security Engineer Compensation 2025-2026]