Senior Staff Engineer, Security Incident Response
San Francisco
Airbnb
Airbnb is a mission-driven company dedicated to helping create a world where anyone can belong anywhere. It takes a unified team committed to our core values to achieve this goal. Airbnb's various functions embody the company's innovative spirit, and our fast-moving team is committed to leading as a 21st century company.
We are looking for an experienced Threat Detection and Incident Response Lead. This role reports to the Director of Security and works with the Detection and Response Team.
You will help refine the direction of the threat detection and incident response team, mentor/train the current team, and help with board and executive level reporting. You will also work with Threat Detection and Incident Response Engineers to lead large-scale, cross-functional projects throughout the organization, as well as help with detection and incident response efforts.
You will be working with the following teams:
- The Incident Response Team (CSIRT) puts heavy emphasis on automation and high-fidelity rules with enough context to be triaged via a mobile application. They work on translating raw intelligence from public and commercial threat reports into actionable detection rules that focus on TTPs. They use MITRE’s ATT&CK framework to reason about breadth, depth and areas for improvement. They carefully reason about what they are uniquely positioned to do and where they can leverage industry partners and vendors.
- The Detection and Response Platform Engineering team builds and owns the technologies that enable detecting and responding to potential security incidents across Airbnb’s infrastructure. Examples of projects the team has open-sourced:
  - StreamAlert: a scalable, serverless, real-time data analysis framework for security incident alerting.
  - BinaryAlert: serverless, real-time malware detection.
Relevant Experience and Expectations
- People Mentorship and Development: You have multiple years of experience developing people. You are an effective coach, and you can provide mentorship and feedback. You enjoy investing in your teammates and developing them professionally so they reach their highest potential. You understand when to get your hands dirty and contribute and when to delegate and grow your teammates.
- Technical Leadership: You have experience in developing and communicating strategies that team(s) execute on. You don’t wait for things to happen to you; you make things happen. You have multiple years of experience in detecting and responding to attacks. You can quickly discern between false positives, true positives, broad crimeware attacks, and APT attacks, and you know the most effective ways of dealing with the swaths of risks and threats that face a business. Since this is a small team, you’re capable of strong individual contributions.
- Influence & Communication: You have strong written and verbal communication skills. You can dive into the details with engineers but also speak at the appropriate altitude when working with other organizations and leaders. You have empathy and seek to understand when communicating. This enables you to effectively identify the best path forward and influence how you approach a problem, as well as how other teams may prioritize supporting your work.
Areas of future and continued investment:
- Data science, analytics, and machine learning
- Host, container, and network instrumentation
- Big Data, ETL, AWS Athena
- Serverless Technologies including AWS Lambda and AWS Kinesis
The following are skills and experiences that are relevant to us:
- Experience with AWS (Lambda, Kinesis, S3, SNS, SQS, EC2, ...)
- Experience in software development (Python, Golang)
- Familiarity with version control (Git)
- Operating system internals and forensics experience for macOS, Windows & Linux
- Extensive incident response experience in a 100% cloud production environment
- Telemetry aggregation, query, and correlation (Athena, Elasticsearch, Kibana)
- Familiarity with logging infrastructure (Syslog, Fluentd, Logstash)
- A desire to dive into big data, data science, analytics, and machine learning
Benefits:
- Stock
- Competitive salaries
- Quarterly employee travel coupon
- Paid time off
- Medical, dental, & vision insurance
- Life insurance and disability benefits
- Fitness Discounts
- 401K
- Flexible Spending Accounts
- Apple equipment
- Commuter Subsidies
- Community Involvement (4 hours per month to give back to the community)
- Company sponsored tech talks and happy hours
- Much more...