Security Engineer

Airbnb is a mission-driven company dedicated to helping create a world where anyone can belong anywhere. It takes a unified team committed to our core values to achieve this goal. Airbnb's various functions embody the company's innovative spirit and our fast-moving team is committed to leading as a 21st century company.

Airbnb’s Enterprise Security team is focused on proactive security and is looking for a hands-on Security Engineer who is passionate about building, defending and enabling our customers with seamless user experiences.  Enterprise Security partners closely with IT and Infrastructure teams to secure Airbnb’s corporate systems, network, applications and data.  Our philosophy is to enable new business functions by reducing the friction often associated with security controls. Airbnb is a community built on trust, and we are an integral part of that foundation.

Our team provides security expertise from the design to the implementation stage, builds and / or deploys tools to enhance Airbnb’s security posture, conducts assessments, and automates operational workflows.

Our team of Security Engineers:

• Deploy cloud security solutions and controls in a multi-cloud (e.g. GCP, Azure, AWS) and on-premise infrastructure.
• Build secure access controls using modern-era tools and techniques (e.g. WebAuthn, SSH over HTTP, Ephemeral access)
• Utilize infrastructure management tooling (Puppet / Chef, Ansible,Terraform) to enable consistent hardening configs and code-driven security configurations in a multi-cloud, on-prem environment (e.g. GCP, Azure, AWS)
• Deploy Data Loss Prevention (DLP) solutions focusing on PII and PCI related data that may be in SaaS applications (e.g. GSuite, SalesForce, Box) and consider additional DLP strategies.
• Deploy vulnerability management tools across CI/CD, compute, and container infrastructure to detect vulnerabilities and security misconfigurations.
• Enable deployment of Chrome OS at scale for customer support agents to significantly reduce attack surface and improve endpoint management.
• Orchestrate security posture checks on all new infrastructure deployments.
• Implement endpoint state attestation tooling.
• Scale proactive security controls to new environments (e.g. acquisitions).

Additionally, here are some high-level areas we’re investing in:

• Orchestration for security posture checks on all new infrastructure deployments.
• Endpoint state attestation and hardening.
• Scale proactive security controls to new environments (e.g. acquisitions).
• Development of custom and open source security solutions.
• Cloud Security Architecture and posture management.

Role and Responsibilities

• Provide security expertise and guidance on new projects and technologies.
• Design and drive implementation of secure infrastructure at scale.
• Perform risk assessments and build threat models of core corporate and cloud infrastructure.
• Harden our clients, servers, and networks against exploitation.
• Build and / or implement tools that aid in enhancing the security posture of corporate infrastructure and services.
• Collaborate with CSIRT and Production Security teams on cross-functional projects to secure our services and data.

We value the following qualifications:

• B.S. or M.S. in Computer Science or related field, or equivalent experience.
• Knowledge of the threat landscape, common attacks and mitigation methods.
• Ability to develop tools using an interpreted programming language (Golang, Python, Ruby, etc.).
• Familiarity with DevOps toolchain (e.g. Puppet / Chef / Ansible, Terraform, Jenkins)
• A firm grasp of or meaningful experience in the following areas:
• Operating systems internals and hardening (macOS, Linux, or Windows).
• Networking protocols and operations.
• Cloud infrastructure and services platforms (AWS and GCP strongly preferred)
• Authentication, authorization and directory services.
• Vulnerability management and remediation.

Note:

We understand that experience and exposure to the technologies listed above are subjective to the opportunities you have been presented during your career.  If you have some of these qualifications, but not necessarily all of them, we would still love to hear from you.  We value lifetime learners who aspire to take on new opportunities and who can provide diverse perspectives to our Security Engineering team.