Key skills
AWSCloudGoogle Cloud PlatformSDLCGCPGoogle CloudIAMChange ManagementCommunicationCloud Security
About this role
Role Overview
- Own and evolve the security compliance engineering roadmap, aligning security controls with business priorities and risk appetite.
- Serve as a technical authority on security compliance domains (e.g., SOC 2, ISO 27001, PCI DSS, SOX, GDPR/Privacy adjacent controls, internal security standards).
- Define control objectives, success metrics, and maturity models; drive improvements through measurable outcomes.
- Partner to design, implement, and easily testable scaled controls (preventive/detective) across Airbnb’s technical environments and business processes.
- Drive building and maintaining evidence automation and continuous compliance mechanisms (e.g., control monitoring, configuration validation, policy-as-code, automated attestations).
- Partner with platform teams to embed compliance requirements into existing paved paths limiting bespoke workflows and implementations.
- Work closely with security policy, risk, compliance, and broader audit functions to define relevant assessment and audit plans for needed areas ensuring they are testable, repeatable, and low-friction.
- Lead complex, cross-org initiatives to remediate control gaps and reduce audit burden through engineering-first solutions.
- Provide consultation and hands-on support for product launches, architectural reviews, and high-risk changes requiring compliance alignment.
Requirements
- 12+ years of experience in security engineering, compliance engineering, platform security, or related domains (or equivalent practical experience)
- BS, MS or PhD in CS or related field is preferred
- Proven experience leading large-scale, cross-functional security or compliance initiatives with measurable outcomes.
- Strong understanding of at least two of the following frameworks/areas:
- SOC 2 / ISO 27001
- PCI DSS
- SOX ITGC / access controls
- Cloud security controls (AWS/GCP), IAM, logging/monitoring
- Secure SDLC controls, vulnerability management, change management
- Demonstrated ability to translate compliance requirements into practical engineering deliverables (systems, automation, monitoring, workflows).
- Strong written and verbal communication skills; ability to drive alignment across Engineering, Security, and GRC stakeholders.
Tech Stack
- AWS
- Cloud
- Google Cloud Platform
- SDLC
Benefits
- This role may also be eligible for bonus, equity, benefits, and Employee Travel Credits.