Software Engineer, Security
San Francisco, United States
Airbnb is built on trust. Our security team works hard to improve the security of our platform that enables millions of users to explore the world.
We are looking for people who want to make the Airbnb platform and customer data safer for millions of users around the world. We’d love to talk to you if you’re a talented individual who is passionate about finding security weaknesses and crafting scalable and usable solutions. We are enablers who make it easier for engineers to create secure features, not blockers.
If the mission sounds exciting to you, we have a few different flavors of projects/skill sets we are looking for.
Specifically, current scopes of Software Engineering in Information Security teams include the following:
- Identity and access management: Build the platform to ensure that Airbnb employees and services have appropriate access to Airbnb resources.
- Data security and privacy: Build technical solutions to protect Airbnb customer user data within Airbnb infrastructure and meet privacy compliance requirements.
- Production Security: Build technical solutions to protect Airbnb’s production infrastructure ecosystem.
What are examples of work that Software Engineers in the Information Security team have done at Airbnb?
Identity and Access Management (IAM)
- Author, release and maintain standardized identity and access management solutions for Airbnb employees.
- Work across functions to improve IAM solutions to meet SOX compliance for Airbnb.
- Author and maintain authentication/authorization services, libraries, and frameworks.
Data Security (DataSec)
- Author & maintain core encryption services, libraries, and frameworks to protect user data at large scale.
- Author & maintain sensitive data identification services, libraries and frameworks to identify personal data to meet privacy compliance requirements (e.g. GDPR, CCPA etc).
- Understand requirements from legal and compliance team, author and build large scale services to enable Airbnb privacy compliance.
- Author & maintain internal certificate management service for Airbnb production.
Production Security (ProdSec)
- Build tools to detect production platform vulnerabilities and automate scanning against kubernetes solutions, etc.
- Build automation and create best practices to ensure AWS security.
- Work across functions to ensure the security of the entire production infrastructure, e.g. managing infrastructure secrets.
Common examples of enrichment activities of SWE in security
- Help design and review security-sensitive aspects of systems.
- Train new engineers and evangelize good security habits; ensure best practices (in technology or education/outreach).
- Attend security conferences.
- Contribute to open source.
- Publish security research.
The following are some examples of profiles that are relevant to us. If a subset of these things apply to you, please consider applying. We are looking to build a team of both specialists in security and generalists in software engineering.
- 5+ years of software development or job related working experience
- Solid defensive security experience shipping projects that mitigate application or infrastructure risks at scale.
- Experience finding ways to enable other engineers to develop secure products by default without requiring security expertise.
- Significant experience in building robust internal products/tools or production backend services at scale.
- Significant experience in any of the following: Generalist Backend, Full Stack Engineer, SRE, or Security Engineer experience.
- Working knowledge of cloud computing (AWS) operations.
- Interest in building and breaking.
- Competitive salaries
- Quarterly employee travel coupon
- Paid time off
- Medical, dental, & vision insurance
- Life insurance and disability benefits
- Fitness Discounts
- Flexible Spending Accounts
- Apple equipment
- Commuter Subsidies
- Community Involvement (4 hours per month to give back to the community)
- Company sponsored tech talks and happy hours
- Much more...