• Monitor and investigate security events across networks and cloud environments • Support security incident response through investigation and escalation • Review authentication activity and access controls for gaps • Maintain effectiveness of security operational controls and practices • Support logging and monitoring controls across infrastructure • Participate in BCP/DR testing and documentation activities • Collaborate with Engineering and Product for secure software development practices • Work cross-functionally to support security operations and customer trust initiatives

**Responsibilities: ** · Manage the security event monitoring and incident response ticket queues and triage as appropriate to meet the established service level agreements · Promptly transfer cybersecurity tickets to the client or internal point of contact · Clearly convey indicators of compromise, isolation, and remediation steps · Analyze and interpret system, security, and application logs in order to diagnose faults, spot abnormal behavior, and rule out false positives · Effectively utilize End Detection and Response tools to investigate alerts, anomalies, and build accurate timelines related to possible compromise · Follow established procedures to investigate, escalate, contain, or eradicate malicious activity · Develop and deliver written and oral reports to clients, teammates, and management to aggregate and communicate security information and metrics · Provide input and recommendations to improve internal processes and procedures related to SOC duties and responsibilities · Participate in threat-hunting activities and other special projects as required · Understand and follow, our set of standards and processes that produce a predictable result for the client. You must be aware of and maintain our standards. **Additional Responsibilities: ** · Maintain accurate and real-time timesheets, record complete and accurate notes of troubleshooting and communication with clients · Receive mentoring and feedback from peers and others · Where appropriate, escalate complicated issues to a more senior resource or other appropriate teams · Review Tickets with Manager · Actively Participate in Team Huddles, L10 Meetings, One on One Meetings, and any other Team Meetings · Create and update documentation when changes occur, or when discoveries are made · Attend monthly training & team meetings as required · Additional duties as required

• Perform expert-level secure code reviews with a focus on OWASP Top 10 and CWE vulnerability classes. • Identify, triage, and remediate application-layer vulnerabilities, including broken access control, IDOR, SQL injection, command injection, and deserialization flaws. • Develop and maintain security automation tools using Python, GoLang, or JavaScript/TypeScript to streamline vulnerability detection and remediation processes. • Conduct and document penetration tests, collaborating cross-functionally to drive remediation initiatives. • Advise development teams on secure coding practices, bringing a proactive security mindset into the software lifecycle. • Stay informed of emerging threats and incorporate best practices within the customer's environments. • Communicate effectively through detailed written reports and verbal briefings, ensuring security findings are clearly understood and actionable.

• Monitor, analyze, and correlate security alerts, logs, and events from various sources • Lead investigation and containment of security incidents, as incident handler • Prepare post-mortem reports and conduct lessons learned • Develop and maintain incident response playbooks and processes • Coordinate with cross-functional teams, internally and externally, on threats targeting DoorDash • Lead or participate in security tool proof-of-concepts and documentation • Identify opportunities for alert development based on threats to DoorDash • Conduct threat hunting • Lead training or other education and awareness opportunities for the enterprise as required • Use monitoring and detection platforms to investigate anomalous activity for potential insider risk • Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors • Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures • Participate in and support on-call rotation