Enterprise Security partners closely with IT and Infrastructure teams to secure Airbnb’s corporate systems and network, enterprise applications and data, and to enable new business functions. Airbnb is a community built on trust, and we are an important part of that foundation.
What makes an Enterprise Security Engineer?
We are a team focused on proactive security and are looking for hands-on security engineers who are passionate about building and defending.
The team provides security expertise from the design to the implementation stage, builds and / or deploys tools to enhance the security posture, conducts assessments, and automates operational workflows. Examples of the work we’ve done include:
- Secured SSH access to sensitive systems by moving SSH keys from client systems to hardened security tokens. This included developing macOS tooling that enabled PKCS#11 support, configured the security tokens (Yubikeys) and configured SSH to leverage the tokens.
- Utilized infrastructure management tooling (Puppet / Chef, Terraform) to enable consistent hardening configs, and enabled code driven IAM and AWS Security Group configuration.
- Deployed a Data Loss Prevention (DLP) solution focusing on PII and PCI related data that may be in SaaS applications (GSuite, SalesForce, Box).
- Helped craft the overall security strategy for M&As from due diligence through post-close integration.
- Enabled deployment of Chrome OS at scale for customer support agents to significantly reduce attack surface and improve endpoint management.
Additionally, here are some high-level areas we’re investing in:
- Orchestration for security posture checks on all new infrastructure deployments.
- Endpoint state attestation.
- Scale proactive security controls to new environments (e.g. acquisitions).
Role and Responsibilities
- Provide security expertise and guidance on new projects and technologies.
- Design and drive implementation of secure infrastructure at scale.
- Perform risk assessments and build threat models of core corporate and cloud infrastructure.
- Harden our clients, servers, and networks against exploitation.
- Build and / or implement tools that aid in enhancing the security posture of corporate infrastructure and services.
- Collaborate with CSIRT and Production Security teams on cross-functional projects to secure our services and data.
- B.S. or M.S. in Computer Science or related field, or equivalent experience.
- Knowledge of the threat landscape, common attacks and mitigation methods.
- Ability to develop tools using an interpreted programming language (PHP, Python, Ruby, etc.).
- Familiarity with DevOps toolchain (e.g. Puppet / Chef / Ansible, Terraform, Jenkins)
- Security generalist with a firm grasp of or meaningful experience in the following areas:
- Operating systems internals and hardening (macOS, Linux, or Windows).
- Networking protocols and operations.
- Cloud infrastructure and services platforms (AWS strongly preferred)
- Authentication, authorization and directory services.
- Vulnerability management and remediation.
- Competitive salaries
- Quarterly employee travel coupon
- Paid time off
- Medical, dental, & vision insurance
- Life insurance and disability benefits
- Fitness Discounts
- 401K with matching
- Flexible Spending Accounts
- Apple equipment
- Commuter Subsidies
- Community Involvement (4 hours per month to give back to the community)
- Company sponsored tech talks and happy hours
- Much more…
DevOps, Ansible, Ruby, Chef, ASP, Python, AWS, Puppet, PHP, and Engineering
23 days ago - source