Computer Security Incident Response Team (CSIRT) Manager

Security: Computer Security Incident Response Team (CSIRT) Manager

We are looking for an experienced Incident Response Manager to lead and manage our incident response team and help protect the company. As Incident Response Manager, you will work with engineering teams to lead large-scale, cross-functional projects throughout the organization as well as manage incident and threat response efforts. You will be managing two sub-teams:

  • CSIRT Engineering create new and effective tools to further the mission of our security team and Airbnb. In the last two years, CSIRT:Engineering has built and open sourced several detection tools based on cutting-edge AWS serverless offerings including AWS Lambda, Kinesis, SQS, and more. This includes StreamAlert, a real-time data analysis framework, and BinaryAlert, a real-time malware detection engine.  

         For more details, see our Job Description for CSIRT Engineers here.

  • Threat Intelligence and Response puts heavy emphasis on automation and high-fidelity rules with enough context to be triaged via a mobile application. They work on translating raw intelligence from public and commercial threat reports into actionable detection rules that focus on TTPs. They utilize MITRE’s ATT&CK framework to reason about breadth, depth and areas for improvement. They carefully reason about what they are uniquely positioned to do and where they can leverage industry partners and vendors.

    The team puts heavy emphasis on automation and high-fidelity rules with enough context to be triaged via a mobile application.

    For more details, see our Job Description for Threat Intelligence and Response engineers here.

Relevant Experience:

  • People Development: You have multiple years of experience in people management. You are an effective career coach and can provide mentorship and feedback. You enjoy investing in your teammates and developing career progression plans with them, helping them reach their highest potential.
  • Team Development: You are an effective leader that focuses on efficiency and delivering on expectations. You play an active role in identifying and recruiting junior and senior candidates. You understand when to get your hands dirty and contribute and when to delegate and grow your teammates.
  • Technical Leadership: You have experience in developing and communicating strategies that team(s) execute on. You don’t wait for things to happen to you, you make things happen. You have multiple years of experience in detecting and responding to attacks. You can quickly discern between false positives, true positives, broad crimeware attacks, APT attacks, and know the most effective ways of dealing with the swaths of risks and threats that face a business. Since this is a small team, you’re capable of strong individual contributions.
  • Influence & Communication: You have strong written and verbal communication skills. You can dive into the details with engineers but also speak at the appropriate altitude when working with other organizations and leaders. You have empathy and seek to understand when communicating. This enables you to effectively identify the best path forward and influence how you approach a problem, as well as how other teams may prioritize supporting your work.

Areas of future and continued investment:

  • Data science, analytics, machine learning
  • Host, container, and network instrumentation
  • Big Data, ETL, AWS Athena
  • Serverless Technologies including AWS Lambda and AWS Kinesis

The following are skills and experiences that are relevant to us:

  • Experience with AWS (Lambda, Kinesis, S3, SNS, SQS, EC2, ...)
  • Experience in Software development (Python, Ruby, Golang, Java, C/C++, …)
  • Familiar with version control (Git / Mercurial / SVN)
  • Familiar with Logging infrastructure (Syslog, Fluentd, Logstash)
  • A desire to dive into Big Data, Data Science, Analytics, Machine Learning


  • Stock
  • Competitive salaries
  • Quarterly employee travel coupon
  • Paid time off
  • Medical, dental, & vision insurance
  • Life insurance and disability benefits
  • Fitness discounts
  • 401K
  • Flexible Spending Accounts
  • Apple equipment
  • Commuter subsidies
  • Community involvement (4 hours per month to give back to the community)
  • Company sponsored tech talks and happy hours
  • Breakfast, lunch, and dinner
  • Much more...

Back to top