Senior Manager, Information Security Risk
Location
United States
Posted
3 days ago
Salary
$120K - $150K / year
Seniority
Senior
Job Description
Instructure
- Reviewing the current information risk program, including improvements to processes that identify, measure, track, and remediate risks with business owners.
- Working collaboratively with other information security risk personnel across Instructure to help identify enterprise-level risks for the CISO and work on finding enterprise-level solutions.
- Assisting in annual audits for industry-specific reports, such as ISO27001, PCI, SOC 1 and SOC 2 Type I and Type II reports where risk controls are affected.
- Developing and executing information security for internal control testing across the enterprise.
- Work with product Engineering teams to secure solutions and ensure that Instructure procedures comply with regulatory framework requirements.
- Partner with engineering teams to design and implement technical solutions to mitigate security risks.
- Collaborate with internal teams to establish metrics and dashboards that effectively measure the success of security programs.
- Coordinate between external auditors and internal controls owners, ensuring smooth communication and efficient evidence gathering.
- Documenting findings and assessing risk where deviations exist resulting from internal and external testing.
- Evaluating third-party vendors to ensure compliance with established standards and risk tolerance levels.
- Presenting results and findings of audits to peers and leadership when necessary.
- Writing and editing policies and reports to maintain an industry-leading risk program.
- Communicating the value of GRC and information risk management at Instructure.
- Acting as an information security risk leader for Instructure, ensuring a world-class security posture.
- Reviewing new tools for security risks during the procurement process.
Job Requirements
- 7+ years of experience in information security, GRC, and/or risk management.
- High school diploma or equivalent experience required. Bachelor’s degree in information security or IT-related program preferred.
- Excellent written and verbal communication skills.
- Security+, CRISC, CISA preferred.
- Willingness to learn new concepts, train junior members, and work with information security leaders on the most complex projects.
Benefits
- Competitive compensation, plus all full-time employees participate in our ownership program - because everyone should have a stake in our success.
- Flexible work culture. Our remote, hybrid and in-office collaboration spaces vary by role, team and location.
- Generous time off, including local holidays and our annual “Dim the Lights” period in late December, when teams are encouraged to step back and recharge based on departmental needs.
- Comprehensive wellness programs and mental health support
- Learning and development resources, including professional development tools and tuition reimbursement, to support your growth
- The technology and tools you need to do your best work
- Motivosity employee recognition program
- A culture rooted in inclusivity, support, and meaningful connection
More Security Engineer Jobs
- Design, implement, and maintain DLP controls across email, endpoint, cloud, web, and collaboration platforms
- Engineer and tune custom DLP detections using regex, Exact Data Matching (EDM), Indexed Document Matching (IDM), classifiers, and contextual telemetry
- Own the full DLP policy lifecycle, including policy creation, normalization, testing, deployment, tuning, version control, and change management
- Analyze and triage DLP and insider risk alerts, conduct root cause analysis, and recommend mitigation strategies to improve control effectiveness
- Partner with Security Operations, Incident Response, Risk, Legal, Compliance, and Information Protection teams to investigate potential data exfiltration and insider risk events
- Build and enhance automation workflows, dashboards, and reporting to improve visibility into data movement, user behavior, and program performance
- Serve as a technical subject matter expert for DLP platforms and data protection capabilities across the enterprise
- Translate regulatory requirements, business needs, and risk scenarios into practical, enforceable technical controls
- Continuously improve detection quality, operational processes, and reporting to advance program maturity and business alignment
- Contribute to the evaluation and responsible use of AI-enabled security capabilities that improve detection, analysis, and operational efficiency within data protection workflows
Senior Product Security Engineer
Instacart
Instacart invites the world to share love through food. This is how homemade is made.
- Design and conduct offensive security operations / engagements for product and internal tools across Instacart.
- Deploy and operationalize a variety of open-source and commercially available security tools that can scale out and be maintained long term.
- Collaborate with cross-functional teams, including engineering and product, to integrate security testing into their SDLC cycle.
- Share knowledge and mentor other team members, promoting a culture of continuous learning and growth.
Senior Product Security Engineer II
Instacart
Instacart invites the world to share love through food. This is how homemade is made.
- Design and conduct offensive security operations / engagements for product and internal tools across Instacart.
- Deploy and operationalize a variety of open-source and commercially available security tools that can scale out and be maintained long term.
- Collaborate with cross-functional teams, including engineering and product, to integrate security testing into their SDLC cycle.
- Share knowledge and mentor other team members, promoting a culture of continuous learning and growth.
Role Description
At Doppel, we focus on building a culture where people feel respected, supported, and trusted to do meaningful work. We value clarity, collaboration, and solving real problems for our customers and teammates.
We’re looking for a Product Security Engineer to support and scale our product and cloud security efforts by embedding into engineering workflows and serving as a subject matter expert for GCP. The role partners closely with engineering teams to conduct architecture reviews, facilitate threat modeling, and support penetration testing engagements from scoping through remediation. This position contributes to the design and implementation of least-privilege IAM, helps build and maintain security guardrails through policy and infrastructure-as-code, and ensures security issues are effectively triaged, tracked, and resolved in collaboration with stakeholders. In addition to hands-on execution, the role emphasizes enablement, providing guidance, documentation, and mentorship to engineers, along with clear communication and reporting to security leadership.
This role is open remotely across the U.S. and Canada.
What You Will Do
- Partner with product and engineering teams to support security architecture reviews for product features and the GCP environment; facilitate threat modeling and document risks, existing controls, and actionable recommendations.
- Coordinate and support penetration testing engagements by assisting with vendor selection and scoping, establishing rules of engagement, coordinating testing activities, validating findings, supporting severity assessment, and tracking remediation and retesting in collaboration with engineering teams.
- Serve as a GCP security subject matter expert for project teams, advising on secure patterns across networking (VPC, private access, perimeter controls), data protection (KMS, secrets), compute runtimes (GKE, Cloud Run, GCE), CI/CD (Cloud Build, Artifact Registry), and logging and monitoring.
- Support the implementation and ongoing improvement of least-privilege IAM in GCP by advising on role design (custom vs. predefined), service account lifecycle management, workload identity, IAM Conditions, organization and folder policy constraints, and periodic access reviews.
- Assist with triage and routing of product security findings to appropriate engineering owners; help tune detection rules to reduce noise, support severity and SLA definition, and track remediation progress, including documenting justified exceptions.
- Contribute to security guardrails through policy and infrastructure-as-code (e.g., org policies, constraints, reusable Terraform modules, admission or policy controllers) and support integration of pre-merge security checks into CI/CD workflows.
- Develop and maintain practical documentation and runbooks (e.g., design review checklists, IAM standards, exception processes) and deliver targeted enablement sessions for engineers and product managers.
- Provide visibility into progress and risk through metrics and regular status updates to security leadership; proactively surface blockers and suggest options and tradeoffs.
- Coach and mentor engineers and code owners on secure-by-default coding practices and architectural patterns.
Qualifications
- 5–7 years of experience in product security, cloud security engineering, or a related field.
- Strong knowledge of Google Cloud Platform (GCP) services and security best practices, including IAM, networking, data protection, and workload runtimes.
- Hands-on experience with penetration testing coordination, threat modeling, and risk assessment.
- Demonstrated proficiency in Python and cloud-native programming or scripting languages to design and maintain security automation, policy enforcement, and continuous compliance controls using Infrastructure as Code.
- Familiarity with designing and enforcing least-privilege IAM and conducting access reviews.
- Ability to communicate security risks and recommendations clearly to engineering and leadership audiences.
Benefits
- $175,000 - $200,000 USD
- Meaningful equity so you share in Doppel’s success
- Remote first culture with flexibility built in
- Flexible PTO, comprehensive health benefits, parental leave, and more
- A high growth environment where your work has immediate impact and visibility
Salary Range
$175,000 - $200,000 USD


