Key skills
PythonGolangAIAWSGCPTerraformIAMSSOCI/CDOWASPCloud Security
About this role
DoorDash is a technology and logistics company focused on empowering local economies. They are seeking a Staff Security Engineer to lead threat modeling, hardening, and operation of security services within the Product and Cloud Security domains, ensuring a safe and reliable delivery network.
Responsibilities:
- Threat model, design, harden, and operationalize Product and Cloud Security services and controls at DoorDash scale
- Define, document and implement security standards, guidelines and procedures to design and implement automated security controls and remediation tools with rigor and developer ergonomics
- Partner cross-functionally with Core Infrastructure, Product Engineering, Legal, Security teams and Vendor Partners to build “paved paths” that provide actionable feedback to embed secure design practices into the product and infrastructure development process
- Lead the technical direction and roadmap execution for your assigned area of ownership
- Build and maintain high Operational Excellence (OE) to ensure we operate services with excellence, rigor and durable standards to ensure minimal downtime
- Participate in on-call rotation and promptly respond to on-call events with urgency and rigor
- Manage the lifecycle of product and cloud security vulnerabilities, from identification, triage, and drive remediation, reporting and metrics
- Influence and enable the secure and responsible adoption of LLMs and AI tools
- Mentor and coach earlier career engineers, setting high standards for Operational Excellence and Security Engineering
Requirements:
- 8+ years as a security engineer in product or infrastructure security, with deep hands-on AWS expertise across identity, IAM, SSO, and infrastructure hardening
- Ability to point to specific projects personally delivered at the service level (GCP experience is a plus)
- Write production-quality automation and tooling daily, with hands-on AI experimentation applied to cloud security problems
- Proficient in Python or other languages like Golang, and strong with IaC tooling like Terraform
- Driven foundational improvements to a company's infrastructure security posture and brought breadth across security and infrastructure in large production environments, including CI/CD pipelines for automated control enforcement
- Deep understanding of OWASP Top 10, distributed systems security and design, and ability to analyze code, architecture, and designs from a security perspective
- Solve complex, systemic problems with creative thinking, bring exceptional analytical and investigative abilities with hands-on root cause analysis experience
- Communicate clearly in writing and conversation with engineering partners on design docs and architecture reviews