Senior Security Engineer, Infrastructure Security

The Community You Will Join:

Airbnb’s Infrastructure Security team is focused on proactive security and is looking for a hands-on Security Engineer who is passionate about building, defending and enabling our customers with seamless user experiences. Infrastructure Security partners closely with BizTech and Corporate and Production Infrastructure teams to secure Airbnb’s systems, network, cloud infrastructure, applications, and data. Our philosophy is to enable new business functions by reducing the friction often associated with security controls. Airbnb is a community built on trust, and we are integral to that foundation.

Our team provides security expertise from the design to the implementation stage, builds and / or deploys tools to enhance Airbnb’s security posture, authors and enforces security architectural best practices and standards, conducts assessments, and automates operational workflows.

Infrastructure Security is responsible for safe guarding Endpoint, Compute, Cloud, Network, and Application and covers each functional domain by a combination of transparent architectural standards, education, and strategic technical controls for enforcement.

We also lead a matrixed Vulnerability Management service, and consistently enforce operational security hygiene, and respond to zero day exposure when necessary.

The Difference You Will Make:

As a Senior Security Engineer, Infrastructure Security, you will:

• Work closely with our partners in BizTech to design and implement zero trust controls across our fleet of macOS, Chrome OS, iOS, Android and Windows devices, enabling Airbnb employees to work securely from anywhere, including:
• Endpoint state attestation
• Next generation, code driven device management using open source MDM and configuration management tools
• Secure access controls using modern-era tools and techniques (e.g. WebAuthn, SSH over HTTP, Ephemeral access)
• EDR, DLP, and DFIR tools
• Deploy cloud security solutions and architectural standards and controls in a multi-cloud (e.g. GCP, Azure, AWS) and on-premise infrastructure.
• Utilize infrastructure management tooling (Puppet / Chef, Ansible,Terraform) to enable consistent hardening configs and code-driven security configurations in a multi-cloud, on-prem environment (e.g. GCP, Azure, AWS)
• Deploy Data Loss Prevention (DLP) solutions focusing on PII and PCI related data that may be in SaaS applications (e.g. Google Workspace, SalesForce, Box) and consider additional DLP strategies.
• Deploy vulnerability management tools across CI/CD, compute, and container infrastructure to detect vulnerabilities and security misconfigurations.
• Orchestrate security posture checks on all new infrastructure deployments.
• Scale proactive security controls to new environments (e.g. acquisitions).

A Typical Day:

• Provide security expertise and guidance on new projects and technologies.
• Design and drive implementation of secure infrastructure at scale.
• Perform risk assessments and build threat models of core cloud infrastructure.
• Harden our clients, servers, networks, and cloud infrastructure against exploitation.
• Build and / or implement tools that aid in enhancing the security posture of infrastructure and services.
• Collaborate cross functionally with the business and within InfoSec to drive domain maturity.

Your Expertise:

• B.S. or M.S. in Computer Science or related field, or equivalent experience.
• Knowledge of the threat landscape, common attacks and mitigation methods.
• Ability to develop tools using a general purpose programming language (Golang, Python, Ruby, etc.).
• Familiarity with DevOps toolchain (e.g. Puppet / Chef / Ansible, Terraform, Jenkins)
• A firm grasp of or meaningful experience in the following areas:
• Operating systems internals and hardening (macOS, Linux, or Windows).
• Networking protocols and operations.
• Cloud infrastructure and services platforms (AWS and GCP strongly preferred)
• Authentication, authorization and directory services.
• Vulnerability management and remediation.

Your Location:

This position is US - Remote Eligible. The role may include occasional work at an Airbnb office or attendance at offsites, as agreed to with your manager. While the position is Remote Eligible, you must live in a state where Airbnb, Inc. has a registered entity. Click here for the up-to-date list of excluded states. This list is continuously evolving, so please check back with us if the state you live in is on the exclusion list. If your position is employed by another Airbnb entity, your recruiter will inform you what states you are eligible to work from.

Our Commitment To Inclusion & Belonging:

Airbnb is committed to working with the broadest talent pool possible. We believe diverse ideas foster innovation and engagement, and allow us to attract creatively-led people, and to develop the best products, services and solutions. All qualified individuals are encouraged to apply.

We strive to also provide a disability inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation in order to submit an application, please contact us at: reasonableaccommodations@airbnb.com. Please include your full name, the role you’re applying for and the accommodation necessary to assist you with the recruiting process.

We ask that you only reach out to us if you are a candidate whose disability prevents you from being able to complete our online application.