There is much more that we want to build and so much that we could improve. Airbnb is a global marketplace trusted with payment and personal data. We value strong engineers who are agile enough to jump into these projects in which we must meet specific industry and regulatory standards.
What are examples of work that Product Security Engineers have done at Airbnb?
Author & maintain core security/authentication/authorization libraries and frameworks.
Building new tools to detect vulnerabilities via static analysis, automated scanning, etc.
Implementation of two-factor authentication for internal systems; standardized identity and access management
Work across functions to ensure the security of the entire production ecosystem.
Help design and review security-sensitive aspects of the system.
Train new engineers and evangelize good security habits; ensure best practices (in technology or education/outreach).
Regular collaboration with third-party penetration-testing firms
Attend security conferences
Contribute to open source
Publish security research
The following are some examples of profiles that are relevant to us:
Ruby-on-Rails in production environments
Strong Java experience
Exposure to architectural patterns of a large, high-scale web application
Demonstrated design and UX sensibilities
Rigor in A/B testing, test coverage, and other web best practices
Interest in security in an agile, cloud based environment