Airbnb is a mission-driven company dedicated to helping create a world where anyone can belong anywhere. It takes a unified team committed to our core values to achieve this goal. Airbnb's various functions embody the company's innovative spirit and our fast-moving team is committed to leading as a 21st century company.

Senior Security Engineer, Insider Threat Detection and Response

What is a Lead Security Engineer, Insider Threat Detection and Response at Airbnb?

The Detection and Response Team (DART) at Airbnb is focused on automating security detection, responding to security incidents, and working with partner teams to build capabilities that support the security incident response lifecycle. This is the front-line team that detects, investigates, and responds to security threats and malicious activity against Airbnb’s data, systems and infrastructure.

To further increase our coverage, the team is looking to build a mature and world-class insider threat program. This is a key technical leadership role to define and execute our vision for insider threat detection and response capabilities and process while mentoring other team members. As a lead security engineer, you will have direct impact building a new program through influence and technical leadership.

 

Responsibilities

  • Partner closely with stakeholders across the organization to help build and implement an Insider Threat Program to fit the company’s needs and goals.
  • Perform investigations of security incidents using your knowledge of digital forensics and data analytics.
  • Use your coding, data analytics and investigation skills to hunt, detect and respond to insider threats and help detect data abuse and data exfiltration at scale.
  • Build automation and detection models to support identification of anomalous activity and response activities to mitigate insider threats at scale.
  • Hunt for insider threats in our corporate and production environments to proactively identify anomalous activity.
  • Work side by side with our engineering teams to build advanced detection solutions to help keep systems and information safe, and partner closely with our Human Resources and Legal teams to carry out complex investigations.
  • Identify gaps in our infrastructure, and work with business partners to gain visibility through logging and detection.
  • Identify and consult on the design of countermeasures to mitigate insider threats in our environment.
  • Collaborate with cross-functional partner teams, such as Global Safety & Security teams, Legal, Privacy, and Engineering for efficient, large-scale coordinated response. 
  • Partner with stakeholders to contribute to Security Awareness messaging and Training.

Minimum Requirements:

  • 5+ years of hands-on in-depth knowledge and technical experience in security operations including investigations, incident response, incident management, digital forensics, threat intelligence, threat hunting, and/or detection engineering.
  • Bachelor's degree in a related technical field or equivalent practical experience.
  • Exposure to data science and analytics solutions applicable to the insider threat detection space.
  • Experience with Insider Threat technologies (SIEMs, Data Loss Prevention solutions, host forensic solutions).
  • Knowledge and familiarity of the Cyber Kill Chain Framework and MITRE ATT&CK Framework and how these apply to the insider threat landscape.
  • Self-motivated and creative problem-solver able to work independently with minimal guidance.
  • Ability to lead people in complex, ambiguous situations through influence and not authority.
  • Ability to work calmly and collaboratively in critical high-stress situations with expediency.  
  • Outstanding organizational, prioritization, and multitasking skills.
  • Experience automating security detection and response.
  • Experience in AWS services (EC2, S3, Lambda, RDS) preferred
  • We are not focused on specific tools but we often use Python, AWS, SQL, and more.

The starting base pay for this role is between $190,000 and $245,000. The actual base pay is dependent upon many factors, such as: education, experience, and skills. The base pay range is subject to change and may be modified in the future. This role may also be eligible for bonus, equity, benefits, and Employee Travel Credits.

 

This position is US - Remote Eligible. The role may include occasional work at an Airbnb office or attendance at offsites, as agreed to with your manager. Airbnb,Inc. can employ in  states where we have registered entities. Currently, employees can not be located in: Alaska, Indiana, Nebraska, North Dakota, Ohio, South Dakota, Wisconsin, Alabama, Mississippi, Oklahoma, Delaware and Rhode Island. This list is continuously  evolving and being updated, please check back with us if the state you live in is on the exclusion list. If your position is employed by another Airbnb entity, your recruiter will inform you what states you are eligible to work from. 

 

Belonging & Accommodations

Airbnb is committed to working with the best and brightest people from the broadest talent pool possible. We believe a diversity of ideas fosters innovation and engagement, and allows us to attract the best people, and to develop the best products, services and solutions. All qualified individuals are encouraged to apply. If you need assistance, or a reasonable accommodation during the application and recruiting process, please contact us at: reasonableaccommodations@airbnb.com.