Key skills
Red TeamingThreat IntelligencePythonCommandControl (C2)Vulnerability AssessmentDefense EvasionInformation Security FrameworksStakeholder ManagementEmpathyJavaGolangKotlinRustPowerShellAILeadershipCommunication
About this role
DoorDash is building a scalable and reliable delivery network and seeks a Senior Security Engineer for its Red Team. This role involves conducting adversary emulations to identify security opportunities and collaborating with cross-functional teams to enhance the security posture of DoorDash's critical assets.
Responsibilities:
- Plan and execute realistic adversary simulations using curated threat intelligence to assess security opportunities, and detection and response capabilities
- Hunt for vulnerabilities across AI systems, payment infrastructure, autonomous delivery hardware, and emerging technologies before adversaries do
- Exercise range of expertise to include cyber, insider, and fraud Red Team testing scenarios
- Build custom tools, exploits, and payloads tailored to DoorDash's unique and evolving tech stack
- Partner with Blue Teams to escalate emerging threats and develop proactive detection or defensive strategies
- Advise leadership on emerging threats and shape the security strategy for one of the world's most complex logistics platforms
Requirements:
- 5+ years of experience in Red Teaming and Purple Teaming
- You are passionate about offensive security and care about improving your craft every day
- You think like an adversary. You have deep, experiential knowledge of APT and insider threat TTPs, not just theoretical familiarity
- Experience partnering with cross-functional teams to secure diverse environments, providing feedback loops that articulate business risks and generate actionable intelligence
- You've run full-scope operations across multi-platform and cloud environments, and you know how to build the malware and tooling to support them
- Strong knowledge of one of Python, Golang, Rust, Kotlin, Java, or Powershell
- Experience using and developing tooling, methodologies and scalable infrastructure to support red team engagements capabilities (e.g. command and control frameworks, phishing environment, exploits)
- Experience with Command and Control (C2) frameworks
- Experience with Defense Evasion to bypass security tooling (e.g. Endpoint Detection and Response)
- Excellent understanding of information security operations related frameworks and standards (e.g., MITRE Att&ck)
- Experience providing technical leadership and guidance, and thinking strategically and analytically to solve problems
- Excellent communication, presentation, and stakeholder management skills
- Engages with a people-first approach, is able to facilitate a conversation rather than dictate it, and is empathetic to divergent viewpoints