# Engineering Manager, Investigations and Incident Response
**Company:** [Airbnb](https://hotfix.jobs/companies/airbnb)
**Location:** Remote
**Salary:** $204K-$255K
**Experience:** 9+ years
**Skills:** MITRE ATT&CK, EDR, SIEM, AWS, GCP, Azure, Incident Response, Threat Detection, Cloud Security, Investigation Workflows
**Posted:** 2026-03-24
> Leads engineering team in investigations and incident response for security threats at Airbnb. Owns strategy, operations, and scaling via automation; requires 9+ years in threat detection/response and 3-5 years management, with expertise in EDR, SIEM, MITRE ATT&CK, and cloud environments.
## Job Description
## Responsibilities
- Define and execute approaches to detecting, containing, and mitigating security threats and incidents.
- Own incident response and investigation outcomes, leading end-to-end response across identification, containment, eradication, and recovery.
- Shape team operations, evolving models, guiding execution during incidents, and scaling through automation and engineering.
- Define and drive strategy for a modern incident response function, ensuring high-quality investigations and improvements in detection/response.
- Assess capabilities and chart a path forward across people, process, and technology for global response.
- Scale function through automation, tooling, and improved workflows.
- Serve as key voice to senior leadership on incident trends, risks, and strategic direction; partner to turn learnings into security improvements.
- Lead and mentor team of ~5+ senior engineers.
- Partner with Security Platform, Detection Engineering, Infrastructure Security, Application Security, Infrastructure, Legal, Privacy, Global Safety and Security, and Engineering teams.
- Coach and develop team members in careers, technical expertise, and collaboration.
- Act as senior escalation point during high-severity incidents.
- Ensure consistent, high-quality investigations with strong root cause analysis.
- Establish priorities balancing speed, depth, and risk reduction.
- Improve escalation paths, ownership clarity, and cross-functional coordination.
- Use incident data to influence security priorities and investments.
- Share incident learnings with Information Security teams for roadmaps.
- Drive remediation with infrastructure, product, and engineering teams.
- Define and track metrics like MTTD, MTTR, incident severity, and recurrence.
- Communicate clearly during incidents to senior/executive leadership on insights, patterns, trends, and risks.

## Requirements
- 9+ years industry experience in threat detection and incident response, with 3-5 years in engineering management.
- Experience shaping/evolving incident response programs in complex environments.
- Exceptional people management and mentorship, including recruiting, developing, and retaining top talent.
- Strong understanding of attacker behavior and frameworks like **MITRE ATT&CK**.
- Experience with technologies: **EDR**, **SIEM**, cloud environments, investigation workflows.
- Experience in cloud-native environments (**AWS**, **GCP**, **Azure**).
- Ability to analyze ambiguous situations and make timely decisions.
- Comfort partnering with engineering teams for scalable solutions.
- Operate at strategic and tactical levels, from executive communication to incident leadership.
- Experience defining team strategy, priorities, and operating models.
- Strong judgment in risk assessment, escalation, and trade-offs.
- Excellent communication across technical and executive audiences.

## Compensation
**Pay Range**: $204,000—$255,000 USD (base pay; may include bonus, equity, benefits, Employee Travel Credits).
**Apply:** https://hotfix.jobs/jobs/engineering-manager-investigations-and-incident-response-at-airbnb-395d726e-49aa-465f-8932-8381426099b0