Information Security Risk and Compliance Engineer

Airbnb, San Francisco, California

Who wouldn't want to work here?


Airbnb’s mission is to create a world where people can belong anywhere. Airbnb is looking to hire a technical Information Security Risk and Compliance Engineer who can help the core Information Security team support the rest of the business.


There are two core responsibilities for this role: information security compliance and representing security during M&A and post-close to help acquired organizations improve security.

The first core responsibility is owning and coordinating information security compliance requirements across the company. This will require both understanding the current obligations , and owning the information security compliance roadmap. That will be a collaborative effort across Compliance, Legal, Security, and Engineering teams. Examples include:

  • Working with Compliance to define unified requirements across multiple compliance efforts (ex: MTLs and PCI)
  • Identifying practices or procedures that don’t adhere to existing compliance requirements. Working with those impacted teams to identify a path forward that meaningfully satisfies compliance requirements.
  • Influencing the roadmaps of security, engineering, and other teams to enable compliance work.
  • Establishing a program and a set of processes and procedures that ensure that we’re consistently compliant as the business grows and changes.

The ideal candidate has a strong technical background and can reason about when a compliance challenge should be solved via policy, procedures and/or technology. This ensures we hit or exceed compliance requirements and maintain our ability to achieve business objectives.

The second core responsibility is risk management for newly acquired organizations. This will involve managing or conducting risk assessments and due diligence for an acquisition and mapping out security gaps between the acquired company and Airbnb’s security goals. The ideal candidate can create a roadmap for how the acquired organization can take a prioritized approach to align with Airbnb security goals, and set the company up for success by working closely with them in reaching towards that goal. The level of involvement may vary from directly building a security program, to an advisory role depending on resources available at the acquired company.

We are looking for someone who has:

  • 7+ years of Information Security experience
  • Strong technical background, ideally working on a defensive security engineering team as a software engineer or security specialist. Sample of some of the technology we use here: AWS, Chef, Hadoop, Github Enterprise, Ruby/Java/Python/SQL.
  • Experience working with external auditors on compliance initiatives, or experience being an external auditor
  • Experience representing Security in a M&A during due diligence and post-close
  • Led multiple large cross-organizational initiatives, ideally in support of security compliance (e.g. PCI, ISO 270001, HIPAA, SOC2, SOX). Specific experience working with Engineering, Legal, and Finance teams is a plus.


  • Stock
  • Competitive salaries
  • Quarterly employee travel coupon
  • Paid time off
  • Medical, dental, & vision insurance
  • Life insurance and disability benefits
  • Fitness Discounts
  • 401K
  • Flexible Spending Accounts
  • Apple equipment
  • Commuter Subsidies
  • Community Involvement (4 hours per month to give back to the community)
  • Company sponsored tech talks and happy hours
  • Much more...

About Airbnb

Founded in August of 2008 and based in San Francisco, California, Airbnb is a trusted community marketplace for people to list, discover, and book unique accommodations around the world — online or from a mobile phone. Whether an apartment for a night, a castle for a week, or a villa for a month, Airbnb connects people to unique travel experiences, at any price point, in more than 33,000 cities and 192 countries. 

Want to learn more about Airbnb? Visit https://www.airbnb.com/