DoorDash is a technology and logistics company focused on empowering local economies. As an Enterprise Security Engineer, you will implement and operate security controls to protect the workforce and corporate software environment, while also partnering with various teams to enhance security measures.
Responsibilities:
- Implement and tune core security controls that protect employees across three global brands such as phishing-resistant multi-factor authentication, conditional access, device trust, and software-as-a-service (SaaS) posture management
- Operate the day-to-day security stack, spanning endpoint detection and response (EDR), zero-trust network access, identity-aware proxies, browser security, and data loss prevention (DLP)
- Use AI-assisted coding tools to automate security workflows, incident response, and compliance evidence collection, verifying the output before it ships
- Address modern SaaS risk such as shadow IT, OAuth token sprawl, and high-risk application reviews, partnering with IT and third-party risk teams
- Help teams adopt secure-by-default baselines so that security supports their work rather than blocking it
Requirements:
- You have 2-5 years of experience in security engineering, enterprise security, IT security, or a related field
- You have hands-on experience administering identity providers (e.g., Okta) and Google Workspace, and working knowledge of modern authentication standards (SAML, OAuth 2.0, OpenID Connect, FIDO2/WebAuthn)
- You have practical experience operating EDR/XDR platforms and securing macOS, Windows, and Linux endpoints through mobile device management (MDM)
- You have hands-on experience with at least one major cloud platform (e.g., AWS, GCP)
- You can write production-quality automation scripts (e.g., Python, Go) and communicate clearly in writing
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience
- Hands-on experience with one or more of: Tailscale, Google IAP, GitHub enterprise controls, Palo Alto Cortex, Chrome Enterprise
- Experience with SaaS Security Posture Management (SSPM), CASB, or OAuth-scope governance
- Experience operating DLP controls, particularly native DLP capabilities in major SaaS platforms
- Experience with Infrastructure-as-code (e.g. Terraform) applied to security tooling
- Experience supporting ISO 27001 or SOC 2 audits
- Contributions to the security community (blog posts, conference talks, bug bounty, open source)
- Relevant certifications (e.g. CISSP Associate, GIAC)