Staff Security Engineer – Proactive Security

Security Engineer | Full Time | Remote | Lead | Team 10,001+ | H1B Sponsor

Location

California

Posted

2 days ago

Salary

$193.8K - $285K / year

Seniority

Lead

Bachelor Degree | 10 yrs exp | English | Java | Microservices | Go

Job Description

DoorDash

  • Lead planning, development, and execution on Product Security initiatives
  • Set and own strategic roadmaps for assigned security partner pod
  • Collaborate with product, engineering, and security teams
  • Advise and mentor other security engineers
  • Build solutions to address complex security challenges
  • Conduct regular application security assessments
  • Integrate and manage security tools into the CI/CD process
  • Perform hands-on manual and automated code reviews

Job Requirements

  • 10+ years of experience as a Software Engineering archetype Product Security Engineer
  • Experience working with Global teams managing a diverse portfolio of products
  • Experience providing technical leadership and guidance
  • Ability to think strategically and analyze problems
  • Expert understanding of authorization and authentication frameworks
  • Hands-on experience building secured microservices
  • Experience understanding and fixing OWASP top 10 vulnerabilities
  • Well-versed in at least one object-oriented programming language (Java, Golang)
  • Experience with mobile security app hardening is a strong plus
  • Breadth of technical experience across various application and product security areas

Benefits

  • 401(k) plan with employer matching
  • 16 weeks of paid parental leave
  • Wellness benefits
  • Commuter benefits match
  • Paid time off
  • Paid sick leave in compliance with applicable laws
  • Medical, dental, and vision benefits
  • 11 paid holidays
  • Disability and basic life insurance
  • Family-forming assistance
  • Mental health program

More Security Engineer Jobs

Full Time | Remote | Team 11-50 | Since 2017 | H1B No Sponsor

  • Perform web application and network security testing.
  • Conduct vulnerability assessments and penetration testing activities.
  • Identify, analyse and prioritise infrastructure weaknesses.
  • Support organisational cybersecurity risk assessments.
  • Contribute to threat landscape analysis and risk scenario development.
  • Support cybersecurity maturity and capability assessments.
  • Conduct threat hunting activities where required.
  • Prepare technical reports, findings, risk ratings and remediation recommendations.

Greece
Full Time | Remote | Team 11-50 | Since 2017 | H1B No Sponsor

  • Support the preparation and delivery of cybersecurity exercises.
  • Contribute to tabletop, operational, technical and awareness-raising exercises.
  • Develop, customise and localise training and exercise material.
  • Support the use of exercise platforms, systems or digital collaboration tools.
  • Deliver cybersecurity training sessions for technical and non-technical audiences.
  • Prepare presentations, case studies, exercises, assessment templates and supporting documentation.
  • Assess the impact of trainings and exercises through feedback, quizzes or evaluation mechanisms.
  • Prepare reports, lessons learned and recommendations for improvement.

Greece
Full Time | Remote | Team 11-50 | Since 2017 | H1B No Sponsor

  • Support cybersecurity incident analysis, triage and response activities.
  • Perform log monitoring, log analysis and incident investigation.
  • Support artefact and forensic evidence analysis.
  • Contribute to root cause analysis and identification of affected systems.
  • Support incident coordination, containment, eradication and recovery activities.
  • Assist in the development or improvement of incident response procedures and playbooks.
  • Prepare technical reports, findings, recommendations and lessons learned.

Greece
Information Security Lead

emerchantpay

We’re on a mission to create a global payment ecosystem that connects businesses and consumers everywhere.

Full Time | Remote | Team 201-500 | H1B No Sponsor

  • Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
  • Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
  • Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
  • Define and drive adoption of cloud security guardrails - identity, network segmentation, encryption, secrets management, and configuration baselines.
  • Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
  • Lead the security incident response lifecycle - preparation, detection, containment, eradication, recovery, and post-incident review - and act as incident commander for security events.
  • Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
  • Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
  • Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
  • Define and oversee data protection controls - encryption, key management, data classification, and loss prevention - for sensitive and cardholder data.
  • Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
  • Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
  • Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
  • Run security awareness and phishing-resilience programs for technical and non-technical staff.
  • Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
  • Monitor the evolving threat landscape and emerging security technologies.
  • Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
  • Build, lead, and mentor a small security team.
  • Report security posture, key risks, and metrics.

Bulgaria