Security Threat Intelligence and Response Engineer

Airbnb, San Francisco, California

The CSIRT: Threat Intelligence & Response team is responsible for effectively detecting and responding to security incidents for Airbnb’s corporate and production environments.

Areas of Responsibility

  • Threat Intelligence: Detecting and responding to evolving threats requires up-to-date threat intelligence. Your team will collect, develop, refine and deploy Threat Intelligence to products like StreamAlert and BinaryAlert. Your team will also develop threat reports to inform stakeholders, projects and priorities.
  • Security Operations: It's important to detect security incidents before they cause material damage to the business. Your team will prioritize, analyze and drive alerts to resolution. In the event an alert is identified as a security incident, you will kick off Incident Response.
  • Incident Response: Your team will rapidly scope, contain and eradicate threats, minimizing financial, legal, business and reputational losses. Services include but are not limited to log analysis, memory and disk forensics, reverse engineering, network containment, threat eradication and postmortems. You will also develop and refine processes, plans and procedures and partner closely with Legal, Comms and other stakeholders across the business.
  • Redteaming: Your team will run redteams (attack simulations) to measure our ability to prevent, detect and respond to real-world attacks. You will identify areas for improvement in people, process and technology and prioritize these efforts, collaborating with stakeholders.

How We Are Different

  • Threat Intelligence: Instead of solely relying on atomic indicators (MD5, IP, Domain), we translate raw intelligence from public and commercial threat reports into actionable detection rules that focus on TTPs. We utilize MITRE’s ATT&CK framework to reason about breadth, depth and areas for improvement. We carefully reason about what we are uniquely positioned to do and where we can leverage industry partners and vendors.
  • Security Operations: We have all seen bad SOCs: large numbers of analysts, hundreds to thousands of alerts, an IT-environment-centric view (production is ignored), heavy emphasis on network logs and appliances, repetitive work, and limited autonomy and career progression. Our team focuses on automation, high-fidelity rules with tests, and ownership of the entire lifecycle: intelligence -> rule development -> deployment -> triage -> incident response. You won’t find an alert queue with hundreds of low-fidelity alerts here. Rules include enough context that a majority of them can be triaged from a mobile application.
  • Incident Response: You are expected to drive incidents to resolution quickly through pre-deployed infrastructure, products, automation and playbooks, not one-off manual SIEM queries.
  • Redteaming: We know the difference between a pentest and a redteam. Using existing trust and rapport the team has already developed, you will challenge existing assumptions, technologies and processes and identify ways to improve Airbnb’s security posture.
  • Scope: You are responsible for all corporate and production environments, which includes Windows, macOS & Linux systems, supporting networks, applications, and all therein.
  • Quality: You will see it in our blog posts and our open source projects: we care a lot about quality. We expect you will meet or raise this bar.

Relevant Experience

  • You are able to solve large, complex technical problems.
  • You have multiple years of experience in detecting and responding to attacks.
  • You are self-driven, autonomous and can contribute to the strategy and roadmap of the team.
  • You have experience in technical mentorship and enjoy collaborating with teammates and industry peers.
  • You can code in Python and are capable of contributing meaningful rules to StreamAlert.
  • You can write effective YARA rules and are capable of contributing meaningful rules to BinaryAlert.
  • You have attention to detail and care about quality and testing.
  • You have excellent written and verbal communication skills; people are delighted when they read your blog posts, threat reports and/or postmortems.

Benefits

  • Stock
  • Competitive salaries
  • Quarterly employee travel coupon
  • Paid time off
  • Medical, dental, & vision insurance
  • Life insurance and disability benefits
  • Fitness Discounts
  • 401K
  • Flexible Spending Accounts
  • Apple equipment
  • Commuter Subsidies
  • Community Involvement (4 hours per month to give back to the community)
  • Company sponsored tech talks and happy hours
  • Much more...

About Airbnb

Founded in August of 2008 and based in San Francisco, California, Airbnb is a trusted community marketplace for people to list, discover, and book unique accommodations around the world — online or from a mobile phone. Whether an apartment for a night, a castle for a week, or a villa for a month, Airbnb connects people to unique travel experiences, at any price point, in more than 33,000 cities and 192 countries.

Want to learn more about Airbnb? Visit https://www.airbnb.com/