Senior Staff Engineer, Security Compliance
Airbnb
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
About Airbnb
Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays and experiences that make it possible for guests to connect with communities in a more authentic way.
The Community You Will Join
At Airbnb, we want to build a world where anyone can belong anywhere – and the first step in that direction is creating a community that’s open, inclusive, and built on trust. In a world where our digital presence and identity is as important as our physical presence, we believe that a fundamental part of earning this trust is by ensuring that we protect our users, the data they entrust to us, and our infrastructure. At Airbnb, our Information Security practices, and resulting trust, are part of the reason users choose to use and continue using our products.The Information Security team plays a critical role in maintaining and building our community’s trust in our platform that enables millions of users to explore the world and belong anywhere. As a critical horizontal function within Airbnb, Information Security spans the scope of the company and organizations that make it up to secure Airbnb giving anyone who joins the team the ability to see all aspects of the business.
The Difference You Will Make
As a Senior Staff Engineer, Security Compliance, you will lead the strategy and execution of Airbnb’s security compliance engineering efforts effectively bridging security compliance obligations (both internal and external) with practical engineering solutions to achieve both business objectives and compliance outcomes.You will operate as a technical leader across Security, Engineering, Legal, Privacy, Risk, and Audit teams. This role is ideal for someone who can translate ambiguous compliance obligations into clear, practical technical requirements while partnering to achieve relevant outcomes. Security Compliance should help secure Airbnb, not burden it unnecessarily.
A Typical Day as a Senior Staff Engineer, Security Compliance
- Own and evolve the security compliance engineering roadmap, aligning security controls with business priorities and risk appetite.
- Serve as a technical authority on security compliance domains (e.g., SOC 2, ISO 27001, PCI DSS, SOX, GDPR/Privacy adjacent controls, internal security standards).
- Define control objectives, success metrics, and maturity models; drive improvements through measurable outcomes.
- Partner to design, implement, and easily testable scaled controls (preventive/detective) across Airbnb’s technical environments and business processes.
- Drive building and maintaining evidence automation and continuous compliance mechanisms (e.g., control monitoring, configuration validation, policy-as-code, automated attestations).
- Partner with platform teams to embed compliance requirements into existing paved paths limiting bespoke workflows and implementations.
- Work closely with security policy, risk, compliance, and broader audit functions to define relevant assessment and audit plans for needed areas ensuring they are testable, repeatable, and low-friction.
- Lead complex, cross-org initiatives to remediate control gaps and reduce audit burden through engineering-first solutions.
- Provide consultation and hands-on support for product launches, architectural reviews, and high-risk changes requiring compliance alignment.
Your Expertise
- 12+ years of experience in security engineering, compliance engineering, platform security, or related domains (or equivalent practical experience).
- BS, MS or PhD in CS or related field is preferred.
- Proven experience leading large-scale, cross-functional security or compliance initiatives with measurable outcomes.
- Strong understanding of at least two of the following frameworks/areas: SOC 2 / ISO 27001, PCI DSS, SOX ITGC / access controls, Cloud security controls (AWS/GCP), IAM, logging/monitoring, Secure SDLC controls, vulnerability management, change management.
- Demonstrated ability to translate compliance requirements into practical engineering deliverables (systems, automation, monitoring, workflows).
- Strong written and verbal communication skills; ability to drive alignment across Engineering, Security, and GRC stakeholders.
Your Location
This position is US - Remote Eligible. The role may include occasional work at an Airbnb office or attendance at offsites, as agreed to with your manager. While the position is Remote Eligible, you must live in a state where Airbnb, Inc. has a registered entity. Click here for the up-to-date list of excluded states. This list is continuously evolving, so please check back with us if the state you live in is on the exclusion list . If your position is employed by another Airbnb entity, your recruiter will inform you what states you are eligible to work from.Our Commitment To Inclusion & Belonging
Airbnb is committed to working with the broadest talent pool possible. We believe diverse ideas foster innovation and engagement, and allow us to attract creatively-led people, and to develop the best products, services and solutions. All qualified individuals are encouraged to apply.We strive to also provide a disability inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation in order to submit an application, please contact us at: reasonableaccommodations@airbnb.com. Please include your full name, the role you’re applying for and the accommodation necessary to assist you with the recruiting process. We ask that you only reach out to us if you are a candidate whose disability prevents you from being able to complete our online application.
How We'll Take Care Of You
Our job titles may span more than one career level. The actual base pay is dependent upon many factors, such as: training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future. This role may also be eligible for bonus, equity, benefits, and Employee Travel Credits.Pay Range
$244,000—$305,000 USD
Key skills/competency
- Security Compliance
- Engineering Leadership
- Cloud Security (AWS/GCP)
- SOC 2 / ISO 27001
- PCI DSS / SOX ITGC
- Evidence Automation
- Risk Management
- Policy-as-Code
- Cross-functional Collaboration
- Secure SDLC
How to Get Hired at Airbnb
- Research Airbnb's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to align with their community-focused approach.
- Tailor your resume for compliance: Highlight extensive experience in security compliance engineering, specific frameworks like SOC 2, ISO 27001, PCI DSS, and your track record in automation and cross-functional leadership.
- Showcase technical compliance expertise: Prepare to discuss how you've translated complex regulatory requirements into practical, scalable engineering solutions and driven measurable security outcomes.
- Emphasize collaboration and leadership: Provide examples of leading complex, cross-organizational initiatives, working with legal, risk, audit, and engineering teams, and communicating technical concepts to diverse stakeholders effectively.
- Demonstrate problem-solving for audit reduction: Be ready to articulate how you've leveraged engineering-first approaches to reduce audit burden and remediate control gaps efficiently within a large-scale environment like Airbnb's.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background