Senior Security Engineer, Infrastructure Security

Summary

Join Airbnb's Infrastructure Security team as a Senior Security Engineer and play a key role in designing and implementing zero trust controls across various devices. You will work closely with BizTech partners, deploy cloud security solutions, utilize infrastructure management tooling, and deploy DLP solutions. A typical day involves providing security expertise, designing secure infrastructure, performing risk assessments, hardening infrastructure, and building security tools. You will collaborate cross-functionally to drive domain maturity. This US-remote eligible position requires a BS or MS in Computer Science or equivalent experience and expertise in operating systems, networking, cloud infrastructure, and vulnerability management. The role offers a competitive salary, bonus, equity, benefits, and Employee Travel Credits.

Requirements

• B.S. or M.S. in Computer Science or related field, or equivalent experience
• Knowledge of the threat landscape, common attacks and mitigation methods
• Ability to develop tools using a general purpose programming language (Golang, Python, Ruby, etc.)
• Familiarity with DevOps toolchain (e.g. Puppet / Chef / Ansible, Terraform, Jenkins)
• A firm grasp of or meaningful experience in the following areas
• Operating systems internals and hardening (macOS, Linux, or Windows)
• Networking protocols and operations
• Authentication, authorization and directory services
• Vulnerability management and remediation

Responsibilities

• Work closely with our partners in BizTech to design and implement zero trust controls across our fleet of macOS, Chrome OS, iOS, Android and Windows devices, enabling Airbnb employees to work securely from anywhere, including
• Endpoint state attestation
• Next generation, code driven device management using open source MDM and configuration management tools
• Secure access controls using modern-era tools and techniques (e.g. WebAuthn, SSH over HTTP, Ephemeral access)
• EDR, DLP, and DFIR tools
• Deploy cloud security solutions and architectural standards and controls in a multi-cloud (e.g. GCP, Azure, AWS) and on-premise infrastructure
• Utilize infrastructure management tooling (Puppet / Chef, Ansible,Terraform) to enable consistent hardening configs and code-driven security configurations in a multi-cloud, on-prem environment (e.g. GCP, Azure, AWS)
• Deploy Data Loss Prevention (DLP) solutions focusing on PII and PCI related data that may be in SaaS applications (e.g. Google Workspace, SalesForce, Box) and consider additional DLP strategies
• Deploy vulnerability management tools across CI/CD, compute, and container infrastructure to detect vulnerabilities and security misconfigurations
• Orchestrate security posture checks on all new infrastructure deployments
• Scale proactive security controls to new environments (e.g. acquisitions)
• Provide security expertise and guidance on new projects and technologies
• Design and drive implementation of secure infrastructure at scale
• Perform risk assessments and build threat models of core cloud infrastructure
• Harden our clients, servers, networks, and cloud infrastructure against exploitation
• Build and / or implement tools that aid in enhancing the security posture of infrastructure and services
• Collaborate cross functionally with the business and within InfoSec to drive domain maturity

Preferred Qualifications

Cloud infrastructure and services platforms (AWS and GCP strongly preferred)

Benefits

This role may also be eligible for bonus, equity, benefits, and Employee Travel Credits