Senior Staff Engineer, Security Compliance

Airbnb

5h•Remote

About The Position

Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays and experiences that make it possible for guests to connect with communities in a more authentic way. The Community you will join: At Airbnb, we want to build a world where anyone can belong anywhere – and the first step in that direction is creating a community that’s open, inclusive, and built on trust. In a world where our digital presence and identity is as important as our physical presence, we believe that a fundamental part of earning this trust is by ensuring that we protect our users, the data they entrust to us, and our infrastructure. At Airbnb, our Information Security practices, and resulting trust, are part of the reason users choose to use and continue using our products. The Information Security team plays a critical role in maintaining and building our community’s trust in our platform that enables millions of users to explore the world and belong anywhere. As a critical horizontal function within Airbnb, Information Security spans the scope of the company and organizations that make it up to secure Airbnb giving anyone who joins the team the ability to see all aspects of the business. The difference you will make: As a Sr. Staff Security Compliance Engineer, you will lead the strategy and execution of Airbnb’s security compliance engineering efforts effectively bridging security compliance obligations (both internal and external) with practical engineering solutions to achieve both business objectives and compliance outcomes. You will operate as a technical leader across Security, Engineering, Legal, Privacy, Risk, and Audit teams. This role is ideal for someone who can translate ambiguous compliance obligations into clear, practical technical requirements while partnering with to achieve relevant outcomes. Security Compliance should help secure Airbnb, not burden it unnecessarily.

Requirements

12+ years of experience in security engineering, compliance engineering, platform security, or related domains (or equivalent practical experience)
BS, MS or PhD in CS or related field is preferred
Proven experience leading large-scale, cross-functional security or compliance initiatives with measurable outcomes.
Strong understanding of at least two of the following frameworks/areas: SOC 2 / ISO 27001 PCI DSS SOX ITGC / access controls Cloud security controls (AWS/GCP), IAM, logging/monitoring Secure SDLC controls, vulnerability management, change management
Demonstrated ability to translate compliance requirements into practical engineering deliverables (systems, automation, monitoring, workflows).
Strong written and verbal communication skills; ability to drive alignment across Engineering, Security, and GRC stakeholders.

Responsibilities

Own and evolve the security compliance engineering roadmap, aligning security controls with business priorities and risk appetite.
Serve as a technical authority on security compliance domains (e.g., SOC 2, ISO 27001, PCI DSS, SOX, GDPR/Privacy adjacent controls, internal security standards).
Define control objectives, success metrics, and maturity models; drive improvements through measurable outcomes.
Partner to design, implement, and easily testable scaled controls (preventive/detective) across Airbnb’s technical environments and business processes.
Drive building and maintaining evidence automation and continuous compliance mechanisms (e.g., control monitoring, configuration validation, policy-as-code, automated attestations).
Partner with platform teams to embed compliance requirements into existing paved paths limiting bespoke workflows and implementations.
Work closely with security policy, risk, compliance, and broader audit functions to define relevant assessment and audit plans for needed areas ensuring they are testable, repeatable, and low-friction.
Lead complex, cross-org initiatives to remediate control gaps and reduce audit burden through engineering-first solutions.
Provide consultation and hands-on support for product launches, architectural reviews, and high-risk changes requiring compliance alignment.