Security Threat Intelligence and Incident Response Engineer - Airbnb, Inc.
San Francisco, CA, United States

Listing Description

How We Are Different

Threat Intelligence: Instead of relying solely on atomic indicators (MD5 hashes, IP addresses, domains), we translate raw intelligence from public and commercial threat reports into actionable detection rules that focus on TTPs. We use MITRE's ATT&CK framework to reason about breadth, depth and areas for improvement. We carefully reason about what we are uniquely positioned to do ourselves and where we can leverage industry partners and vendors.

Security Operations: We have all seen bad SOCs: large numbers of analysts, hundreds to thousands of alerts, a focus on the corporate IT environment (production is ignored), heavy emphasis on network logs and appliances, repetitive work, and limited autonomy and career progression. Our team focuses on automation, high-fidelity rules with tests, and ownership of the entire lifecycle: intelligence -> rule development -> deployment -> triage -> incident response. You won't find an alert queue with hundreds of low-fidelity alerts here. Rules include enough context that a majority of them can be triaged from a mobile application.

Incident Response: You are expected to drive incidents to resolution quickly through pre-deployed infrastructure, products, automation and playbooks, not one-off manual SIEM queries.

Redteaming: We know the difference between a pentest and a redteam. Using existing trust and rapport the team has already developed, you will challenge existing assumptions, technologies and processes and identify ways to improve Airbnb’s security posture.

Scope: You are responsible for all corporate and production environments, which includes Windows, macOS and Linux systems, the networks that support them, applications, and everything running on them.

Quality: You will see it in our blog posts and our open source projects: we care a lot about quality. We expect you will meet or raise this bar.

Threat Intelligence: Detecting and responding to evolving threats requires up-to-date threat intelligence. Your team will collect, develop, refine and deploy Threat Intelligence to products like StreamAlert and BinaryAlert. Your team will also develop threat reports to inform stakeholders, projects and priorities.
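The approach described above (behaviour-based rules that carry ATT&CK context and ship with their own tests, deployed to a rule engine such as StreamAlert) is easier to see in code. The block below is an added example written for this page, not Airbnb's rules and not the StreamAlert API: the small @rule registry is an assumed stand-in for a rule engine, and the CloudTrail-shaped records are constructed fixtures. The rule matches the behaviour (a successful root console login) rather than an IP or hash, attaches the technique and a triage note so the alert is self-contained, and its positive and negative test cases live beside it.

```python
"""Added example: a TTP-focused detection rule with context and tests.

Illustrative code written for this page, not Airbnb's own rules and not the
StreamAlert API. The @rule registry is an assumed stand-in for a rule engine;
the log records below are constructed, not captured from a real account.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

RULES: Dict[str, "Rule"] = {}


@dataclass
class Rule:
    name: str
    logs: List[str]
    context: Dict[str, str]
    check: Callable[[dict], bool]


def rule(logs: List[str], **context: str) -> Callable:
    """Register a detection function together with the context an analyst
    needs to triage the alert without running ad hoc SIEM queries (assumed)."""
    def wrap(fn: Callable[[dict], bool]) -> Callable[[dict], bool]:
        RULES[fn.__name__] = Rule(fn.__name__, logs, dict(context), fn)
        return fn
    return wrap


@rule(
    logs=["cloudtrail:events"],
    technique="T1078.004 Valid Accounts: Cloud Accounts",
    description="Successful AWS root console login outside a break-glass window",
    triage="Check with the infra on-call whether a break-glass was opened; "
           "if not, rotate root credentials and open an incident.",
)
def cloudtrail_root_console_login(rec: dict) -> bool:
    """Match the behaviour (root logging in), not an indicator, so the rule
    keeps firing when the attacker's infrastructure changes."""
    ident = rec.get("userIdentity", {})
    return (
        rec.get("eventName") == "ConsoleLogin"
        and ident.get("type") == "Root"
        and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
    )


def evaluate(rec: dict, source: str) -> List[dict]:
    """Run every rule subscribed to `source`; emit alerts that carry the
    rule's context alongside the record that triggered it."""
    alerts = []
    for r in RULES.values():
        if source in r.logs and r.check(rec):
            alerts.append({"rule": r.name, "record": rec, **r.context})
    return alerts


# Constructed CloudTrail-shaped records used as the rule's test fixtures.
ROOT_LOGIN = {
    "eventName": "ConsoleLogin",
    "userIdentity": {"type": "Root", "accountId": "111111111111"},
    "responseElements": {"ConsoleLogin": "Success"},
    "sourceIPAddress": "203.0.113.10",
}
IAM_LOGIN = {**ROOT_LOGIN, "userIdentity": {"type": "IAMUser", "userName": "alice"}}
ROOT_FAILURE = {**ROOT_LOGIN, "responseElements": {"ConsoleLogin": "Failure"}}


def run_rule_tests() -> bool:
    """Each rule ships with positive and negative cases, so a rule that starts
    matching benign traffic fails in CI instead of flooding the alert queue."""
    hits = evaluate(ROOT_LOGIN, "cloudtrail:events")
    if [a["rule"] for a in hits] != ["cloudtrail_root_console_login"]:
        return False
    if not hits[0]["technique"].startswith("T1078"):
        return False
    for benign in (IAM_LOGIN, ROOT_FAILURE):
        if evaluate(benign, "cloudtrail:events"):
            return False
    return True


if __name__ == "__main__":
    print("rule tests pass:", run_rule_tests())
```

The negative cases are the important part: a root login that failed, or an IAM user logging in, must not fire, otherwise the queue fills with the low-fidelity alerts the listing describes. Every alert the engine emits already carries the technique and the triage instruction, which is what makes mobile triage possible.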

Security Operations: It's important to detect security incidents before they cause material damage to the business. Your team will prioritize, analyze and drive alerts to resolution. In the event an alert is identified as a security incident, you will kick off Incident Response.

Incident Response: Your team will rapidly scope, contain and eradicate threats, minimizing financial, legal, business and reputational losses. Services include but are not limited to log analysis, memory and disk forensics, reverse engineering, network containment, threat eradication and postmortems. You will also develop and refine processes, plans and procedures and partner closely with Legal, Comms and other stakeholders across the business.

Redteaming: Your team will run redteams (attack simulations) to measure our ability to prevent, detect and respond to real-world attacks. You will identify areas for improvement in people, process and technology and prioritize these efforts, collaborating with stakeholders.


Listing Details

  • Citizenship: No Requirements
  • Incentives: Stock Options
  • Education: No Requirements
  • Travel: No Travel
  • Telework: No Telecommute


