Enterprise Security partners closely with IT and Infrastructure teams to secure Airbnb’s corporate systems and network, enterprise applications and data, and to enable new business functions. Airbnb is a community built on trust, and we are an important part of that foundation.

What makes an Enterprise Security Engineer?

We are a team focused on proactive security and are looking for hands-on security engineers who are passionate about building and defending.

The team provides security expertise from the design to the implementation stage, builds and / or deploys tools to enhance the security posture, conducts assessments, and automates operational workflows. Examples of the work we’ve done include:

  • Secured SSH access to sensitive systems by moving SSH keys from client systems to hardened security tokens. This included developing macOS tooling that enabled PKCS#11 support, configured the security tokens (Yubikeys) and configured SSH to leverage the tokens.
  • Utilized infrastructure management tooling (Puppet / Chef, Terraform) to enable consistent hardening configs, and enabled code driven IAM and AWS Security Group configuration.
  • Deployed a Data Loss Prevention (DLP) solution focusing on PII and PCI related data that may be in SaaS applications (GSuite, SalesForce, Box).
  • Helped craft the overall security strategy for M&As from due diligence through post-close integration.
  • Enabled deployment of Chrome OS at scale for customer support agents to significantly reduce attack surface and improve endpoint management.

Additionally, here are some high-level areas we’re investing in:

  • Orchestration for security posture checks on all new infrastructure deployments.
  • Endpoint state attestation.
  • Scale proactive security controls to new environments (e.g. acquisitions).

Role and Responsibilities

  • Provide security expertise and guidance on new projects and technologies.
  • Design and drive implementation of secure infrastructure at scale.
  • Perform risk assessments and build threat models of core corporate and cloud infrastructure.
  • Harden our clients, servers, and networks against exploitation.
  • Build and / or implement tools that aid in enhancing the security posture of corporate infrastructure and services.
  • Collaborate with CSIRT and Production Security teams on cross-functional projects to secure our services and data.


  • B.S. or M.S. in Computer Science or related field, or equivalent experience.
  • Knowledge of the threat landscape, common attacks and mitigation methods.
  • Ability to develop tools using an interpreted programming language (PHP, Python, Ruby, etc.).
  • Familiarity with DevOps toolchain (e.g. Puppet / Chef / Ansible, Terraform, Jenkins)
  • Security generalist with a firm grasp of or meaningful experience in the following areas:
    • Operating systems internals and hardening (macOS, Linux, or Windows).
    • Networking protocols and operations.
    • Cloud infrastructure and services platforms (AWS strongly preferred)
    • Authentication, authorization and directory services.
    • Vulnerability management and remediation.


  • Stock
  • Competitive salaries
  • Quarterly employee travel coupon
  • Paid time off
  • Medical, dental, & vision insurance
  • Life insurance and disability benefits
  • Fitness Discounts
  • 401K with matching
  • Flexible Spending Accounts
  • Apple equipment
  • Commuter Subsidies
  • Community Involvement (4 hours per month to give back to the community)
  • Company sponsored tech talks and happy hours
  • Much more…

DevOps, Ansible, Ruby, Chef, ASP, Python, AWS, Puppet, PHP, and Engineering

23 days ago - source