Airbnb is a global platform that connects hosts and guests for unique stays and experiences. The Sr. Staff Security Compliance Engineer will lead Airbnb's security compliance engineering efforts, aligning compliance obligations with practical engineering solutions and collaborating with various teams to ensure security and compliance outcomes.
Responsibilities:
- Own and evolve the security compliance engineering roadmap, aligning security controls with business priorities and risk appetite
- Serve as a technical authority on security compliance domains (e.g., SOC 2, ISO 27001, PCI DSS, SOX, GDPR/Privacy adjacent controls, internal security standards)
- Define control objectives, success metrics, and maturity models; drive improvements through measurable outcomes
- Partner to design and implement easily testable, scaled controls (preventive/detective) across Airbnb’s technical environments and business processes
- Drive building and maintaining evidence automation and continuous compliance mechanisms (e.g., control monitoring, configuration validation, policy-as-code, automated attestations)
- Partner with platform teams to embed compliance requirements into existing paved paths, limiting bespoke workflows and implementations
- Work closely with security policy, risk, compliance, and broader audit functions to define assessment and audit plans for the areas that need them, ensuring the plans are testable, repeatable, and low-friction
- Lead complex, cross-org initiatives to remediate control gaps and reduce audit burden through engineering-first solutions
- Provide consultation and hands-on support for product launches, architectural reviews, and high-risk changes requiring compliance alignment
Requirements:
- 12+ years of experience in security engineering, compliance engineering, platform security, or related domains (or equivalent practical experience)
- Proven experience leading large-scale, cross-functional security or compliance initiatives with measurable outcomes
- Strong understanding of at least two of the following frameworks/areas: SOC 2 / ISO 27001, PCI DSS, SOX ITGC / access controls, cloud security controls (AWS/GCP), IAM, logging/monitoring, secure SDLC controls, vulnerability management, change management
- Demonstrated ability to translate compliance requirements into practical engineering deliverables (systems, automation, monitoring, workflows)
- Strong written and verbal communication skills; ability to drive alignment across Engineering, Security, and GRC stakeholders
- BS, MS, or PhD in CS or a related field is preferred