Staff Security Engineer – Proactive Security
Location: California
Posted: 2 days ago
Salary: $193.8K - $285K / year
Seniority: Lead
Job Description
DoorDash
- Lead planning, development, and execution on Product Security initiatives
- Set and own strategic roadmaps for assigned security partner pod
- Collaborate with product, engineering, and security teams
- Advise and mentor other security engineers
- Build solutions to address complex security challenges
- Conduct regular application security assessments
- Integrate and manage security tools into the CI/CD process
- Perform hands-on manual and automated code reviews
Job Requirements
- 10+ years of experience as a Software Engineering archetype Product Security Engineer
- Experience working with Global teams managing a diverse portfolio of products
- Experience providing technical leadership and guidance
- Ability to think strategically and analyze problems
- Expert understanding of authorization and authentication frameworks
- Hands-on experience building secured microservices
- Experience understanding and fixing OWASP top 10 vulnerabilities
- Well-versed in at least one object-oriented programming language (Java, Golang)
- Experience with mobile security app hardening is a strong plus
- Breadth of technical experience across various application and product security areas
Benefits
- 401(k) plan with employer matching
- 16 weeks of paid parental leave
- Wellness benefits
- Commuter benefits match
- Paid time off
- Paid sick leave in compliance with applicable laws
- Medical, dental, and vision benefits
- 11 paid holidays
- Disability and basic life insurance
- Family-forming assistance
- Mental health program
More Security Engineer Jobs
- Perform web application and network security testing.
- Conduct vulnerability assessments and penetration testing activities.
- Identify, analyse and prioritise infrastructure weaknesses.
- Support organisational cybersecurity risk assessments.
- Contribute to threat landscape analysis and risk scenario development.
- Support cybersecurity maturity and capability assessments.
- Conduct threat hunting activities where required.
- Prepare technical reports, findings, risk ratings and remediation recommendations.

- Support the preparation and delivery of cybersecurity exercises.
- Contribute to tabletop, operational, technical and awareness-raising exercises.
- Develop, customise and localise training and exercise material.
- Support the use of exercise platforms, systems or digital collaboration tools.
- Deliver cybersecurity training sessions for technical and non-technical audiences.
- Prepare presentations, case studies, exercises, assessment templates and supporting documentation.
- Assess the impact of trainings and exercises through feedback, quizzes or evaluation mechanisms.
- Prepare reports, lessons learned and recommendations for improvement.

- Support cybersecurity incident analysis, triage and response activities.
- Perform log monitoring, log analysis and incident investigation.
- Support artefact and forensic evidence analysis.
- Contribute to root cause analysis and identification of affected systems.
- Support incident coordination, containment, eradication and recovery activities.
- Assist in the development or improvement of incident response procedures and playbooks.
- Prepare technical reports, findings, recommendations and lessons learned.
Information Security Lead
emerchantpay
We’re on a mission to create a global payment ecosystem that connects businesses and consumers everywhere.
- Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
- Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
- Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
- Define and drive adoption of cloud security guardrails - identity, network segmentation, encryption, secrets management, and configuration baselines.
- Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
- Lead the security incident response lifecycle - preparation, detection, containment, eradication, recovery, and post-incident review - and act as incident commander for security events.
- Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
- Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
- Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
- Define and oversee data protection controls - encryption, key management, data classification, and loss prevention - for sensitive and cardholder data.
- Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
- Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
- Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
- Run security awareness and phishing-resilience programs for technical and non-technical staff.
- Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
- Monitor the evolving threat landscape and emerging security technologies.
- Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
- Build, lead, and mentor a small security team.
- Report security posture, key risks, and metrics.


