Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays and experiences that make it possible for guests to connect with communities in a more authentic way. The Community You Will Join: At Airbnb, we want to build a world where anyone can belong anywhere – and the first step in that direction is creating a community that’s open, inclusive, and built on trust. In a world where our digital presence and identity is as important as our physical presence, we believe that a fundamental part of earning this trust is by ensuring that we protect our users, the data they entrust to us, and our infrastructure. At Airbnb, our Information Security practices, and resulting trust, are part of the reason the world chooses to use and continue using our products. The Information Security team plays a critical role in maintaining and building our community’s trust in our platform that enables millions of users to explore the world and belong anywhere. As a critical horizontal function within Airbnb, Information Security spans the scope of the company and organizations that make it up to secure Airbnb giving anyone who joins the team the ability to see all aspects of the business. The Difference You Will Make: As a Staff Security Engineer specializing in Data Security, you will be the primary architect and owner of Airbnb’s data protection strategy. You’ll partner with senior leaders across Information Security, Engineering, Product, Legal, Privacy, and compliance to design, implement, and enforce robust protections, driving the vision for data security throughout the organization.

A Typical Day

• Define, drive, and continuously evolve a comprehensive data security strategy protecting data at rest (online/offline), in transit, and when shared with third parties. Set the long-term vision and roadmap for data security at Airbnb working with partners to execute on the vision and roadmap.
• Design and oversee the implementation of scalable, resilient protections for secure data storage and transfer, including encryption, key management, access controls, and secure data sharing frameworks. Provide expert guidance to engineering teams and influence architecture and system design decisions.
• Establish and enforce policies, standards, and technical solutions for secure data transfer and integration with external partners, vendors, and APIs, while also ensuring Airbnb’s compliance with global regulatory requirements.
• Lead risk assessments and data security reviews for critical systems, products, and partners. Collaborate with Security Compliance, Privacy, and Legal to ensure the practical compliance with the highest standards of global data protection laws (GDPR, CCPA, etc.).
• Partner with security and engineering response teams to contribute to technical investigations of significant data security incidents, perform root cause analysis, and champion remediation. Use these incidents as a way to drive continuous improvement efforts to strengthen data security maturity.
• Mentor, coach, and up-level engineers across the organization on data security best practices. Develop and deliver training materials and documentation to empower both technical and non-technical teams.
• Stay at the forefront of developments in data security. Influence Airbnb’s internal and external security posture by participating in industry forums, adopting emerging technologies, and publishing best practices.

Your Expertise

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
• 9+ years in security engineering roles, with deep expertise in data security.
• Deep, hands-on expertise with encryption, key management, secure data storage, secure data transfer, data loss prevention, and security in cloud environments.
• Strong understanding of global data protection and privacy regulations (e.g., GDPR, CCPA, PCI-DSS, SOC2).
• Demonstrated technical excellence in designing, building, and scaling data security solutions across complex, distributed systems. Ability to independently identify and solve the most challenging, ambiguous technical problems that have broad organizational impact.
• Track record of owning and delivering long-term, cross-functional projects and roadmaps in the area of data protection - directly driving key business outcomes.
• Proven experience leading cross-functional initiatives and influencing organizational direction and architecture.
• Exceptional communication, collaboration, and stakeholder management skills. Experience interacting confidently and credibly with executives, non-technical partners, and external stakeholders, clearly articulating risk and technical tradeoffs.
• Demonstrated commitment to fostering an inclusive, high-performing culture by developing others, promoting best practices, and leading by example in both technical and interpersonal domains.

Benefits

• Bonus
• Equity
• Benefits
• Employee Travel Credits

How We'll Take Care of You

$204,000—$255,000 USD