Engineering Manager, Investigations and Incident Response

Airbnb

Location:
United States

Contract Type:
Not provided

Salary:

204000.00 - 255000.00 USD / Year

Job Description:

The Threat Detection and Response team (TDR) at Airbnb is focused on automating security detection, responding to security incidents, and working with partner teams to build capabilities that support the incident lifecycle. This is the front-line team that detects, investigates, and responds to security threats and malicious activity. We are seeking an Engineering Manager to lead our Investigations & Incident Response team within a mature Threat Detection & Response organization. This is a key role that combines incident response leadership, strategic ownership, and engineering-informed scale.

Job Responsibility:

  • Define and execute new approaches to detecting, containing, and mitigating security threats and incidents
  • Own incident response and investigation outcomes, leading end-to-end response across identification, containment, eradication, and recovery
  • Shape how the team operates—evolving operating models, guiding execution during incidents, and scaling through thoughtful use of automation and engineering
  • Define and drive the strategy for a modern incident response function
  • Assess current capabilities and chart the path forward across people, process, and technology
  • Scale the function through automation, tooling, and improved workflows
  • Serve as a key voice to senior leadership, communicating incident trends, risks, and strategic direction
  • Lead and mentor a diverse team of ~5+ senior engineers
  • Partner with Security Platform and Detection Engineering teams to enhance telemetry, context, and response capabilities
  • Coach and develop team members, help them grow their careers, technical expertise, and collaboration skills
  • Act as a senior escalation point during high-severity or complex incidents
  • Ensure consistent, high-quality investigations with strong root cause analysis
  • Establish clear priorities that balance speed, depth, and risk reduction
  • Improve escalation paths, ownership clarity, and cross-functional coordination
  • Use incident data to influence security priorities and investment decisions
  • Partner closely with other teams within Information Security to ensure incident learnings are shared
  • Work with infrastructure, product, and engineering teams to drive effective remediation
  • Define and track key metrics such as MTTD, MTTR, incident severity, and recurrence
  • Ensure clear communication during incidents to senior and executive leadership

Requirements:

  • 9+ years of industry experience in threat detection and incident response
  • Minimum of 3-5 years in engineering management
  • Experience shaping or evolving incident response programs in complex environments
  • Exceptional people management and mentorship skills, with a history of recruiting, developing and retaining top talent
  • Strong understanding of attacker behavior and frameworks such as MITRE ATT&CK
  • Experience and understanding of technologies such as EDR, SIEM, cloud environments, and investigation workflows
  • Experience in cloud-native environments (AWS, GCP, Azure)
  • Ability to analyze ambiguous situations and make sound, timely decisions
  • Comfort partnering with engineering teams to build scalable solutions
  • Ability to operate at both strategic and tactical levels, from executive communication to incident leadership
  • Experience defining team strategy, priorities, and operating models
  • Strong judgment in risk assessment, escalation, and trade-offs
  • Excellent communication skills across technical and executive audiences
  • Must live in a state where Airbnb, Inc. has a registered entity (excluding Alaska, Mississippi, and North Dakota)

What we offer:
  • bonus
  • equity
  • benefits
  • Employee Travel Credits

Additional Information:

Job Posted:
April 01, 2026

Employment Type:
Full-time
Work Type:
Remote work