Engineering Manager, Investigations and Incident Response

Airbnb

9h•Remote

About The Position

Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays and experiences that make it possible for guests to connect with communities in a more authentic way. The Community You Will Join: The Threat Detection and Response team (TDR) at Airbnb is focused on automating security detection, responding to security incidents, and working with partner teams to build capabilities that support the incident lifecycle. This is the front-line team that detects, investigates, and responds to security threats and malicious activity. We are seeking an Engineering Manager to lead our Investigations & Incident Response team within a mature Threat Detection & Response organization. This is a key role that combines incident response leadership, strategic ownership, and engineering-informed scale. The Difference You Will Make: You will define and execute new approaches to detecting, containing, and mitigating security threats and incidents, while driving the next stage of maturity for our investigations and response capabilities. You will own incident response and investigation outcomes, leading end-to-end response across identification, containment, eradication, and recovery. You’ll shape how the team operates—evolving operating models, guiding execution during incidents, and scaling through thoughtful use of automation and engineering. You will define and drive the strategy for a modern incident response function, ensuring high-quality investigations and that every incident leads to meaningful improvements in our detection and response capabilities. You’ll assess current capabilities and chart the path forward across people, process, and technology, evolving the operating model to support effective global response. You will scale the function through automation, tooling, and improved workflows—solving repeatable problems with systems, not manual effort. You will serve as a key voice to senior leadership, communicating incident trends, risks, and strategic direction, and partner across the company to turn incident learnings into durable security improvements resulting in removal of entire classes of problems.

Requirements

9+ years of industry experience in threat detection and incident response, with a minimum of 3-5 years in engineering management.
Experience shaping or evolving incident response programs in complex environments
Exceptional people management and mentorship skills, with a history of recruiting, developing and retaining top talent
Strong understanding of attacker behavior and frameworks such as MITRE ATT&CK
Experience and understanding of technologies such as EDR, SIEM, cloud environments, and investigation workflows
Experience in cloud-native environments (AWS, GCP, Azure)
Ability to analyze ambiguous situations and make sound, timely decisions
Comfort partnering with engineering teams to build scalable solutions
Ability to operate at both strategic and tactical levels, from executive communication to incident leadership
Experience defining team strategy, priorities, and operating models
Strong judgment in risk assessment, escalation, and trade-offs
Excellent communication skills across technical and executive audiences

Responsibilities

Lead and mentor a diverse team of ~5+ senior engineers
Partner with Security Platform and Detection Engineering teams to enhance telemetry, context, and response capabilities, and collaborate closely with key teams in Infrastructure Security, Application Security, Infrastructure teams, Legal, Privacy, Global Safety and Security, and Engineering teams across the organization.
Coach and develop team members, help them grow their careers, technical expertise, and collaboration skills.
Act as a senior escalation point during high-severity or complex incidents
Ensure consistent, high-quality investigations with strong root cause analysis
Establish clear priorities that balance speed, depth, and risk reduction
Improve escalation paths, ownership clarity, and cross-functional coordination
Use incident data to influence security priorities and investment decisions
Partner closely with partner teams within Information Security to ensure incident learnings are shared and added to roadmaps for security risk reduction
Work with infrastructure, product, and engineering teams to drive effective remediation
Define and track key metrics such as MTTD, MTTR, incident severity, and recurrence
Ensure clear communication during incidents to senior and executive leadership including updates on insights from incident patterns, trends, and emerging risks