Senior Security Engineer

Summary

Join Airbnb's Infrastructure Security team as a Senior Security Engineer and contribute to securing the company's systems, network, cloud infrastructure, applications, and data. You will work closely with BizTech to design and implement zero trust controls across various devices, deploy cloud security solutions, and utilize infrastructure management tooling to ensure consistent hardening configurations. You will also be responsible for deploying Data Loss Prevention (DLP) solutions, vulnerability management tools, and orchestrating security posture checks on new infrastructure deployments. This role involves providing security expertise, designing and implementing secure infrastructure, performing risk assessments, hardening systems, building security tools, and collaborating with cross-functional teams.

Requirements

• B.S. or M.S. in Computer Science or related field, or equivalent experience
• Knowledge of the threat landscape, common attacks and mitigation methods
• Ability to develop tools using a general purpose programming language (Golang, Python, Ruby, etc.)
• Familiarity with DevOps toolchain (e.g. Puppet / Chef / Ansible, Terraform, Jenkins)
• A firm grasp of or meaningful experience in the following areas
• Operating systems internals and hardening (macOS, Linux, or Windows)
• Networking protocols and operations
• Cloud infrastructure and services platforms (AWS and GCP strongly preferred)
• Authentication, authorization and directory services
• Vulnerability management and remediation

Responsibilities

• Work closely with our partners in BizTech to design and implement zero trust controls across our fleet of macOS, Chrome OS, iOS, Android and Windows devices, enabling Airbnb employees to work securely from anywhere, including
• Endpoint state attestation
• Next generation, code driven device management using open source MDM and configuration management tools
• Secure access controls using modern-era tools and techniques (e.g. WebAuthn, SSH over HTTP, Ephemeral access)
• EDR, DLP, and DFIR tools
• Deploy cloud security solutions and architectural standards and controls in a multi-cloud (e.g. GCP, Azure, AWS) and on-premise infrastructure
• Utilize infrastructure management tooling (Puppet / Chef, Ansible,Terraform) to enable consistent hardening configs and code-driven security configurations in a multi-cloud, on-prem environment (e.g. GCP, Azure, AWS)
• Deploy Data Loss Prevention (DLP) solutions focusing on PII and PCI related data that may be in SaaS applications (e.g. Google Workspace, SalesForce, Box) and consider additional DLP strategies
• Deploy vulnerability management tools across CI/CD, compute, and container infrastructure to detect vulnerabilities and security misconfigurations
• Orchestrate security posture checks on all new infrastructure deployments
• Scale proactive security controls to new environments (e.g. acquisitions)
• Provide security expertise and guidance on new projects and technologies
• Design and drive implementation of secure infrastructure at scale
• Perform risk assessments and build threat models of core cloud infrastructure
• Harden our clients, servers, networks, and cloud infrastructure against exploitation
• Build and / or implement tools that aid in enhancing the security posture of infrastructure and services
• Collaborate cross functionally with the business and within InfoSec to drive domain maturity

Benefits

• This role may also be eligible for bonus, equity, benefits, and Employee Travel Credits
• Pay Range $191,000 — $223,000 USD