Senior Security Engineer, Detection & Response

Airbnb is a mission-driven company dedicated to helping create a world where anyone can belong anywhere. It takes a unified team committed to our core values to achieve this goal. Airbnb's various functions embody the company's innovative spirit and our fast-moving team is committed to leading as a 21st century company.

What is a Senior Security Engineer, CSIRT at Airbnb?

The Computer Security Incident Response Team (CSIRT) at Airbnb is focused on automating security detection, responding to security incidents, and working with partner teams to build capabilities that support the incident lifecycle. This is the front-line team that detects, investigates, and responds to security threats and malicious activity.

While the team is not new, we are now at a point of increasing scope. This is a key senior role to define and execute our vision for threat detection and incident response capabilities and process while mentoring other team members. As a senior engineer on the team, you will have direct impact building, optimizing, and growing securing capabilities as you help deliver world-class threat detection and incident response.  

Responsibilities:

• Investigation & Response: Perform investigations of security incidents using your knowledge and understanding of digital forensic artifacts, log data analysis and/or developing automation for investigation & response capabilities that scale. 
• Incident Handling: Coordinate and drive resolution on a diverse range of incidents as part of an on-call team. Analyze root causes, trends and systematic issues.
• Detection Engineering: Create and automate threat detection and hunting based on indicators observed during incident response or from other threat intelligence.
• Technical Leadership: Help define and execute strategy for threat detection and incident response.  
• Influence & Communication: Collaborate well with cross-functional partner teams, such as Legal, Privacy, and Engineering for efficient, large-scale response.

Minimum Requirements:

• 5+ years of hands-on technical experience in security engineering, systems engineering, software engineering, network engineering, or privacy engineering.
• 3+ of those years of experience in incident response including host and cloud forensics, incident management, threat intelligence, threat hunting, and/or security detection.
• Bachelor's degree in a related technical field or equivalent practical experience.
• Ability to lead people in complex, ambiguous situations through influence and not authority.
• Ability to work calmly and collaboratively in critical situations with expediency.  
• Outstanding organizational, prioritization, and multitasking skills.
• Experience automating security detection and response.
• We are not focused on specific tools but we often use Python, AWS, SQL, and more.