About the Team
Join us in building the world's most trusted on-demand logistics engine for delivery! We are assembling a team of talented individuals to secure and maintain a 24x7, global infrastructure system that powers DoorDash’s multi-sided marketplace involving consumers, merchants, and drivers.
About the Role
The Information Security team seeks a Staff Security Engineer, Product Security, to safeguard DoorDash’s platform within its cloud environment. You will be part of an inclusive, collaborative team dedicated to creating a safe and reliable application platform. Your role involves protecting all customer applications, systems, and business logic. It’s challenging but rewarding work!
This is a remote position reporting directly to the Senior Manager of the Product Security Engineering team.
Key Responsibilities
- Collaborate with engineering and security leaders to develop security strategies for DoorDash’s platform.
- Plan and execute a strategic security roadmap.
- Implement security measures and services to protect the platform and applications.
- Perform manual and automated code reviews to identify vulnerabilities in APIs, microservices, and mobile apps (Android and iOS).
- Conduct regular security assessments of applications.
- Define, document, and enforce security standards, guidelines, and procedures.
- Provide security feedback during architectural and design reviews.
- Manage the lifecycle of vulnerabilities from detection to remediation, including reporting and metrics.
- Integrate security tools into the CI/CD pipeline.
- Ensure applications in the cloud comply with security policies and standards, including segmentation and configuration.
- Develop and enforce secure network and process controls for Kubernetes environments.
- Create tools and automated tests to enhance security efficiency.
Qualifications
- 8+ years of experience in security or product security engineering.
- Strong understanding of authorization and authentication frameworks.
- Hands-on experience in building and deploying secure microservices.
- Proficiency in identifying and remediating OWASP Top 10 vulnerabilities.
- Interest in analyzing code, architecture, and design from a security perspective.
- Proficiency in scripting languages (e.g., Python) and programming languages (e.g., Java); Golang experience is a plus.
- Experience in security observability, attack path identification, and defense mechanisms.
- Experience with CI/CD pipeline security management.
- Knowledge of supply chain security (third-party, package integrity, etc.).
- Experience in payments security or fintech is desirable.
- Broad technical experience across application security in large environments.
- Strong analytical, investigative, and root cause analysis skills.
- Proven ability to solve complex systemic issues creatively.
- Track record of improving security posture.
- Excellent communication skills for explaining security concepts to diverse audiences.
- Experience managing bug bounty programs is a plus.
- Relevant industry certifications (e.g., GWEB, GSSP, SSP) are a plus.
We aim to fill this position by 7/6/2025.
Note: This role is remote, and applicants in NYC or associated with NYC offices should be aware of specific hiring tools and policies, including Covey Scout usage and nondiscrimination policies.