Security Engineer
Airbnb · Beijing · Update time: April 17
Job Description

Airbnb is built on trust. Our security team works hard to improve the security of our platform that enables millions of users to explore the world.

We are looking for people who want to make the Airbnb platform safer for millions of users around the world. We’d love to talk to you if you’re a talented individual who is passionate about finding security weaknesses and crafting scalable and usable solutions. We are enablers who make it easier for engineers to create secure features, not blockers. We have generalist infosec roles, as well as more specialized roles around penetration testing, threat modeling and security reviews, incident response, and development-focused roles that build security tooling. If that mission sounds exciting to you, please reach out!

What are some examples of application security work at Airbnb?

  • Working to identify areas of security weakness. This could mean manual penetration testing or bigger projects that provide some automation for finding vulnerabilities.
  • Improving data security through use of encryption/key management, segregation, or other techniques
  • Finding ways to improve defense-in-depth.
  • Helping engineers design more secure systems via design input or code review
  • Security reviews and consultations starting from the early product stage.
  • Working with the Compliance Analyst on technical evaluation of compliance's technical items.
  • Handling CN-specific security issues (bug bounty and internal) and investigating incidents involving CN-specific functions.

The following experience is relevant to us:

  • Strong understanding of web or mobile application security
  • Domain expert on China authentication modes, e.g. WeChat login, WeChat Pay, Alipay, etc.
  • Experience on an internal application security team
  • Pentesting experience
  • Coding ability and experience with architectural patterns of large, high-scale applications
  • Strong communication skills. Did you patiently train your relatives and friends how to use Chrome and enable click to play? Awesome, me too.
  • 4+ years experience in security engineering, or a related discipline


  • Eventually lead a team of security engineers working on:
    • Developing tooling and frameworks to secure our products throughout the entire SDLC (static analysis, CSRF/XSS prevention libraries, CSP, code hardening efforts, etc)
    • Security reviews and threat modeling across the entire company (new products, acquisitions, vendor integrations, etc)
    • Security architecture, design, and code reviews across engineering
    • Establishing security goals across other departments
    • Penetration tests conducted by internal engineers and third-party security firms
    • Responsible disclosure (bug bounty) program triage
    • Providing security training and promoting a culture of security across the engineering and product teams
  • Requirements
    • Depth and breadth of knowledge of security engineering, system and network security, authentication and security protocols, cryptography, and application security





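  • Discovering security weak points through manual penetration testing or larger projects that provide some automation.
  • Improving data security through the use of encryption/key management, segregation, or other techniques.
  • Finding ways to improve defense-in-depth.
  • Helping engineers design more secure systems through design input or code review.
  • Conducting security reviews and consultations starting from the early product stage.
  • Working with the Compliance Analyst to perform technical evaluation of the technical parts of compliance items.
  • Handling security vulnerabilities in China-specific features (bug bounty and internal) and investigating China-specific incidents.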


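  • Deep understanding of web or mobile application security
  • Understanding of the security of China-specific flows and features, such as WeChat login, WeChat Pay, Alipay, etc.
  • Experience on an internal application security team
  • Penetration testing experience
  • Coding ability and experience
  • Strong communication skills
  • 4+ years of experience as a security engineer or in a related role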



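  • Developing tooling and frameworks to secure our products throughout the entire SDLC (static analysis, CSRF/XSS, CSP, code hardening, etc.)
  • Security reviews and threat modeling across the entire company (new products, acquisitions, vendor integrations, etc.)
  • Security architecture, design, and code reviews across engineering
  • Establishing security goals across other departments
  • Penetration tests conducted by internal engineers and third-party security firms
  • Responsible disclosure (bug bounty) program triage
  • Providing security training and promoting a culture of security across the engineering and product teams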
