Come help us build the world's most trusted on-demand, logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.
About the RoleThe Information Security team is looking for a Staff Security Engineer, Product Security to work on securing DoorDash’s platform running within its cloud computing environment. You will be a part of our inclusive, collaborative team responsible for building a safe and reliable application platform. On the Security team we need to protect all of our customers' applications, systems and business logic. It’s no simple task, but it wouldn’t be interesting if it was!
This is a remote position and you will report directly into the Senior Manager of the Product Security Engineering team.
You’re excited about this opportunity because you will… Work directly with engineering and security leaders to enact security strategies for DoorDash’s platform. Work with the Engineering and Security teams to plan a strategic roadmap. Build and deploy security measures and services to secure DoorDash platform and its applications. Be hands-on and perform manual and automated code reviews to identify vulnerabilities in APIs, microservices and mobile apps (Android and iOS). Conduct regular application security assessments. Define, document and implement security standards, guidelines and procedures for secure operations. As part of architectural and design review committees, provide actionable feedback in engineering design reviews. Manage the lifecycle of application vulnerabilities, from identification to remediation and reporting and metrics. Integrate and manage security tools into the CI/CD process. Ensure applications running within the cloud environment honor the requirements of information security policy and standards for segmentation and configuration. Develop and implement secure network and process controls for Kubernetes environments. Manage the lifecycle of application vulnerabilities, from identification to remediation and reporting and metrics. Develop tools and automated tests for improving our Security efficiency. We’re excited about you because… 8+ years of experience as a security or product security engineer. Deep understanding of authorization and authentication framework and technologies. Deep knowledge and hands on experience to build and deploy secured microservices. Hands on experience on understanding, identifying and remediating each OWASP top 10 vulnerabilities and similar. You are interested in analyzing code, architecture and design from a security perspective Well versed with scripting languages (e.g., python) and other programming languages (e.g., java). Golang experience is a plus. Experience in building asset inventory for security observability to identify attack paths and defense mechanisms. Experience with implementing and managing CI/CD pipeline security Knowledge of supply chain security (third party, artifactory, package integrity, etc.) Experience in payments security or in financial technology Breadth of technical experience across various application security areas running in large production environments. Exceptional analytical and investigative abilities with hands-on experience leading root cause analysis. Experience solving complex, systemic issues that require creative thinking and solutions. Demonstrated track record of driving improvements to a company’s security posture. Excellent verbal and written communication skills - you can explain security design with respect to cloud infrastructure to security and engineering personnel. Internal Bug Bounty program management experience is a plus. GWEB, GSSP, SSP or other industry certifications are a plus.
We expect this position to be filled by 7/6/2025.
Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only
We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023, and resumed using Covey Scout for Inbound again on June 29, 2024.
The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: Covey