Staff Security Engineer, Proactive Security

At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is integral to the success of the business, as we secure the data and protect the privacy of our business and various stakeholders. The Product Security team is responsible for ensuring the security of DoorDash’s platform. You will be a part of our inclusive, collaborative team responsible for building a safe and reliable application platform.

Our Security Engineering team is looking for a Staff Security Engineer, Proactive Security to lead planning, development, and execution on Product Security initiatives to secure DoorDash’s Dasher Logistics vertical. This role will own technical direction, vision and execution for your assigned vertical, partnering closely with our in-house Security Research and Mobile Security SMEs to drive long-term security improvements across our global Dasher Logistics infrastructure.

You will be a part of our inclusive, collaborative global team responsible for building “paved road” Security Product controls directly into our Dasher products to ensure a safe, secure and resilient delivery network. This is a US or Canada remote position reporting directly to the Engineering Manager, Proactive Security and ultimately to the Global Director, Proactive Security. 

• Set and own strategic roadmaps for assigned security partner pod and work directly with product, engineering and security leaders to ship product security outcomes into DoorDash’s platform.
• Prioritize customer experience, ergonomics and thoughtful security design to prevent an adverse impact to dashers from security flaws.
• Go deep and become an expert in the Dasher Logistics engineering vertical, focusing on resolving classes of security vulnerabilities affecting the Dasher ecosystem. 
• Partner cross-functionally with Core Infrastructure, Product Engineering, Legal, and Security Platform teams to build "paved paths" that provide actionable feedback to embed secure design practices.
• Advise and mentor other security engineers to build and deploy security measures and services to secure DoorDash platform and its applications for assigned verticals.
• Build solutions to address complex security challenges impacting DoorDash products, performing hands-on manual and automated code reviews to identify vulnerabilities in APIs, microservices, and mobile apps.
• Conduct regular application security assessments and manage the lifecycle of application vulnerabilities, from identification to remediation, reporting, and metrics.
• Integrate and manage security tools into the CI/CD process and develop tools and automated agentic harnesses for improving our Security efficiency.

• 10+ years of experience as a Software Engineering archetype Product Security Engineer.
• Experience working with Global teams managing a diverse portfolio of products and partnering with engineering, product, fraud, and others to secure diverse environments.
• Experience providing technical leadership and guidance, and thinking strategically and analytically to solve problems with excellent communication, presentation, and stakeholder management skills.
• Lead with a people-first approach, able to facilitate a conversation rather than dictate it, and is empathetic to divergent viewpoints.
• Expert understanding of authorization and authentication framework and technologies, with hands-on experience building and deploying secured microservices.
• Hands-on experience understanding, identifying, and fixing OWASP top 10 and similar vulnerabilities, with a strong interest in analyzing code, architecture, and design from a security perspective.
• Well-versed in at least one object-oriented programming language (e.g., Java, Golang).
• Experience with mobile security app hardening, application shielding, and threat modeling mobile APIs is a strong plus.
• Breadth of technical experience across various application and product security areas running in large cloud native production environments.

Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only

We used Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provided Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023.  We resumed using Covey Scout for Inbound again on June 29, 2024, and ceased using Covey Scout for Inbound on April 30, 2026.

The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: https://getcovey.com/nyc-local-law-144.