Staff Security Engineer, Product Security

Come help us build the world's most trusted on-demand, logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.

The Information Security team is seeking a Staff Security Engineer, Product Security to secure DoorDash’s platform within its cloud environment. You will be part of an inclusive, collaborative team responsible for building a safe and reliable application platform, protecting all customer applications, systems, and business logic.

This is a remote position reporting directly to the Senior Manager of the Product Security Engineering team.

• Collaborate with engineering and security leaders to develop security strategies.
• Plan and execute a strategic security roadmap.
• Build and deploy security measures for the platform and applications.
• Perform manual and automated code reviews to identify vulnerabilities.
• Conduct regular application security assessments.
• Define and implement security standards and procedures.
• Provide security feedback during architectural and design reviews.
• Manage vulnerability lifecycle from identification to remediation.
• Integrate security tools into CI/CD pipelines.
• Ensure cloud applications adhere to security policies and standards.
• Develop secure network and process controls for Kubernetes environments.
• Create tools and automated tests to improve security efficiency.

• 8+ years in security or product security engineering.
• Strong understanding of authentication and authorization frameworks.
• Experience deploying secure microservices.
• Proficiency in identifying and remediating OWASP top 10 vulnerabilities.
• Ability to analyze code, architecture, and design from a security perspective.
• Proficiency in scripting languages (e.g., Python) and programming languages (e.g., Java, Golang is a plus).
• Experience with security observability, attack path identification, and defense mechanisms.
• Knowledge of CI/CD pipeline security and supply chain security.
• Experience in payments security or financial technology.
• Technical breadth across application security in large environments.
• Strong analytical and investigative skills with root cause analysis experience.
• Proven track record of improving security posture.
• Excellent communication skills to explain security concepts clearly.
• Experience with Bug Bounty programs and industry certifications are a plus.