Senior Staff Engineer, Security Incident Response

San Francisco


Airbnb


Airbnb is a mission-driven company dedicated to helping create a world where anyone can belong anywhere. It takes a unified team committed to our core values to achieve this goal. Airbnb's various functions embody the company's innovative spirit and our fast-moving team is committed to leading as a 21st century company.

We are looking for an experienced Threat Detection and Incident Response Lead. This role reports to the Director of Security and works with the Detection and Response Team.

You will help refine the direction of the threat detection and incident response team, mentor and train the current team, and contribute to board- and executive-level reporting. You will also work with Threat Detection and Incident Response Engineers to lead large-scale, cross-functional projects throughout the organization, and take part in detection and incident response efforts yourself.


You will be working with the following teams:

  • The Incident Response Team (CSIRT) puts heavy emphasis on automation and on high-fidelity rules that carry enough context to be triaged from a mobile application. They translate raw intelligence from public and commercial threat reports into actionable detection rules that focus on TTPs rather than on brittle indicators. They use MITRE's ATT&CK framework to reason about breadth, depth and areas for improvement, and they think carefully about what they are uniquely positioned to do versus where they can leverage industry partners and vendors.
  • The Detection and Response Platform Engineering team builds and owns the technologies that enable detecting and responding to potential security incidents across Airbnb's infrastructure. Examples of projects the team has open-sourced:
    • StreamAlert: a scalable, serverless, real-time data analysis framework for security incident alerting.
    • BinaryAlert: serverless, real-time malware detection.
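To make the CSIRT bullet concrete, here is an added example of what a "high-fidelity rule with enough context to be triaged from a phone" looks like in practice. It is illustrative code written for this page, not Airbnb's or StreamAlert's own implementation: it mirrors StreamAlert's decorated-rule style with a tiny stand-alone registry, tags each rule with the ATT&CK technique it covers (T1078.004 Valid Accounts: Cloud Accounts, T1562.008 Impair Defenses: Disable or Modify Cloud Logs), and packs the who/what/where into the alert so the responder does not have to open the raw event. The CloudTrail-shaped records, account ID, and the `TerraformApply` safelisted role are all constructed assumptions.

```python
"""StreamAlert-style detection rules over CloudTrail-shaped events (illustrative,
stand-alone; not StreamAlert's own code). Rules are plain functions registered by a
decorator; each match becomes an alert carrying its ATT&CK technique and triage
context."""
import json

RULES = []  # registry populated by the @rule decorator


def rule(logs, attack, outputs):
    """Register a detection function. `logs` names the log source the rule applies to,
    `attack` is the MITRE ATT&CK technique ID it covers, `outputs` the alert sinks.
    Same shape as StreamAlert's decorator, but a local stub."""
    def decorate(fn):
        fn.logs, fn.attack, fn.outputs = logs, attack, outputs
        RULES.append(fn)
        return fn
    return decorate


def mfa_used(rec):
    """CloudTrail records MFA status under sessionContext.attributes.mfaAuthenticated."""
    ctx = rec.get("userIdentity", {}).get("sessionContext", {})
    return ctx.get("attributes", {}).get("mfaAuthenticated") == "true"


# Hypothetical safelist: an IaC deploy role that legitimately edits trails.
# Safelisting a known automation principal is what keeps the rule high-fidelity.
SAFELISTED_ARNS = {"arn:aws:sts::111122223333:assumed-role/TerraformApply/ci"}


@rule(logs=["cloudtrail:events"], attack="T1078.004", outputs=["slack:csirt"])
def root_activity_without_mfa(rec):
    """Root credentials used for an API call without MFA (Valid Accounts: Cloud)."""
    return rec.get("userIdentity", {}).get("type") == "Root" and not mfa_used(rec)


@rule(logs=["cloudtrail:events"], attack="T1562.008", outputs=["pagerduty:csirt"])
def cloudtrail_tampering(rec):
    """Trail stopped, deleted or modified by anything other than the deploy role
    (Impair Defenses: Disable or Modify Cloud Logs)."""
    return (rec.get("eventSource") == "cloudtrail.amazonaws.com"
            and rec.get("eventName") in {"StopLogging", "DeleteTrail", "UpdateTrail"}
            and rec.get("userIdentity", {}).get("arn") not in SAFELISTED_ARNS)


def alert(fn, rec):
    """Build a self-contained alert: enough fields to triage from a phone."""
    ident = rec.get("userIdentity", {})
    return {
        "rule": fn.__name__,
        "attack": fn.attack,
        "outputs": fn.outputs,
        "summary": f"{ident.get('type')} {ident.get('arn', '?')} called "
                   f"{rec.get('eventName')} from {rec.get('sourceIPAddress')} "
                   f"in {rec.get('awsRegion')} (account {rec.get('recipientAccountId')})",
        "event_time": rec.get("eventTime"),
        "event_id": rec.get("eventID"),
    }


def run(records, log_type="cloudtrail:events"):
    """Evaluate every registered rule for this log type; return the alerts raised."""
    return [alert(fn, rec) for rec in records for fn in RULES
            if log_type in fn.logs and fn(rec)]


# Constructed sample events (not real CloudTrail data): root stops logging without
# MFA (fires both rules), an MFA'd IAM user lists instances (no alert), and the
# safelisted deploy role updates a trail (suppressed).
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T00:00:00Z", "eventID": "e1", "awsRegion": "us-west-2",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "recipientAccountId": "111122223333", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}},
    {"eventTime": "2024-01-01T00:01:00Z", "eventID": "e2", "awsRegion": "us-west-2",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "recipientAccountId": "111122223333", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventTime": "2024-01-01T00:02:00Z", "eventID": "e3", "awsRegion": "us-west-2",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "UpdateTrail",
     "recipientAccountId": "111122223333", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/TerraformApply/ci",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}},
]

if __name__ == "__main__":
    print(json.dumps(run(SAMPLE_EVENTS), indent=2))
```

The point of the safelist and the MFA check is precision: a rule that fires on every `UpdateTrail` from the deploy pipeline trains responders to ignore it, which is exactly the failure mode a small team that triages from a phone cannot afford. Running the block prints two alerts, both for event `e1`.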


Relevant Experience and Expectations

  • People Mentorship and Development: You have multiple years of experience developing people. You are an effective coach, and you can provide mentorship and feedback. You enjoy investing in your teammates and developing them professionally so they reach their highest potential. You understand when to get your hands dirty and contribute and when to delegate and grow your teammates.
  • Technical Leadership: You have experience developing and communicating strategies that teams execute on. You don't wait for things to happen to you; you make things happen. You have multiple years of experience detecting and responding to attacks. You can quickly distinguish false positives from true positives and broad crimeware from targeted APT activity, and you know the most effective ways of dealing with the full range of risks and threats that face a business. Since this is a small team, you are capable of strong individual contributions.
  • Influence & Communication: You have strong written and verbal communication skills. You can dive into the details with engineers but also speak at the appropriate altitude when working with other organizations and leaders. You have empathy and seek to understand when communicating. This enables you to effectively identify the best path forward and influence how you approach a problem, as well as how other teams may prioritize supporting your work.

Areas of future and continued investment:

  • Data science, analytics, and machine learning
  • Host, container, and network instrumentation
  • Big Data, ETL, AWS Athena
  • Serverless Technologies including AWS Lambda and AWS Kinesis

The following are skills and experiences that are relevant to us:

  • Experience with AWS (Lambda, Kinesis, S3, SNS, SQS, EC2, ...)
  • Experience in Software development (Python, Golang)
  • Familiar with version control (Git)
  • Operating system internals and forensics experience for macOS, Windows and Linux.
  • Extensive incident response experience in a 100% cloud production environment.
  • Telemetry aggregation, query, and correlation (Athena, Elasticsearch, Kibana)
  • Familiar with logging infrastructure (Syslog, Fluentd, Logstash)
  • A desire to dive into Big Data, Data Science, Analytics, Machine Learning

Benefits:

  • Stock
  • Competitive salaries
  • Quarterly employee travel coupon
  • Paid time off
  • Medical, dental, & vision insurance
  • Life insurance and disability benefits
  • Fitness Discounts
  • 401(k)
  • Flexible Spending Accounts
  • Apple equipment
  • Commuter Subsidies
  • Community Involvement (4 hours per month to give back to the community)
  • Company sponsored tech talks and happy hours
  • Much more...
