Security Engineer, Threat and Vulnerability Management

United States - Remote

Applications have closed

DoorDash

When you join our team, you join our dream: to grow and empower local economies. We’re focused on improvement—from moving faster to leveling up the quality of our product—and our work is never complete. If you’re looking to define your career...

View company page

Come help us build the world's most trusted on-demand, logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.

The Information Security team is looking for a Security Engineer to help identify, classify, scan, and report on security vulnerabilities and misconfigurations within DoorDash’s infrastructure. You will be a part of our inclusive, collaborative team responsible for building a safe and reliable delivery network. On the Security team we need to protect all of our customers, as well as the logistics engine itself. It’s no simple task, but it wouldn’t be interesting if it was!

What You’ll Do
  • Research and analyze vulnerability results to triage them using Mitre and other resources
  • Assist in the running and management of a bug bounty program.
  • Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
  • Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
  • Procure and maintain tools and scripts used in asset discovery and vulnerability status. 
  • Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds. 
  • Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
  • Support internal and external auditors in their duties that focus on compliance and risk reduction. 
  • Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.
  • Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage. 
What We’re Looking For
  • 5+ years of combined experience in vulnerability management, threat assessments, or a multi-discipline security engineer role.
  • Breadth of technical experience across various infrastructure and security areas running in large production environments.
  • Experience stabilizing systems to run minimal application requirements, least privilege and additional host hardening.
  • Proficient with vulnerability management solutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source. (Other examples are acceptable) 
  • Exceptional analytical and investigative abilities with hands-on experience leading root cause analysis.
  • Experience solving complex, systemic issues that require creative thinking and solutions.
  • Demonstrated track record of driving improvements to a company’s security posture.
  • Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle
  • Expertise with cloud infrastructure and management in AWS, GCP, or Azure.
  • Excellent verbal and written communication skills - you can explain vulnerability remediation to leadership, security, and engineering personnel. 
Why You’ll Love Working at DoorDash
  • We are leaders - Leadership is not limited to our management team. It’s something everyone at DoorDash embraces and embodies.
  • We are doers - We believe the only way to predict the future is to build it. Creating solutions that will lead our company and our industry is what we do -- on every project, every day. 
  • We are learners - We’re not afraid to dig in and uncover the truth, even if it’s scary or inconvenient. Everyone here is continually learning on the job, no matter if we’ve been in a role for one year or one minute.
  • We are customer-obsessed - Our mission is to grow and empower local economies. We are committed to our customers, merchants, and dashers and believe in connecting people with possibility.
  • We are all DoorDash - The magic of DoorDash is our people, together making our inspiring goals attainable and driving us to greater heights. 
  • We offer great compensation packages and comprehensive health benefits.
About DoorDash

At DoorDash, our mission to empower local economies shapes how our team members move quickly and always learn and reiterate to support merchants, Dashers and the communities we serve. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that  people turn to for any and all goods. Read more on the DoorDash website, the DoorDash blog, the DoorDash Engineering blog, and the DoorDash Careers page.

DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. Our leaders seek the truth and welcome big, hairy, audacious questions. We are grounded in our company values, and we make intentional decisions that are both logical and display empathy for our range of users—from Dashers to Merchants to Customers.

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

Pursuant to the Colorado Fair Pay Act, the base salary range in Colorado for this position is $140000 - $210000, plus opportunities for equity and commission. Compensation in other geographies may vary. We're committed to supporting employees’ happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.

We're committed to supporting employees’ happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.

Our Commitment to Diversity and Inclusion

We’re committed to growing and empowering a more inclusive community within our company, industry, and cities. That’s why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel. 

Statement of Non-Discrimination: In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital/domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status. Above and beyond discrimination and harassment based on “protected categories,” we also strive to prevent other subtler forms of inappropriate behavior (i.e., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place at DoorDash. We value a diverse workforce – people who identify as women, non-binary or gender non-conforming, LGBTQIA+, American Indian or Native Alaskan, Black or African American, Hispanic or Latinx, Native Hawaiian or Other Pacific Islander, differently-abled, caretakers and parents, and veterans are strongly encouraged to apply. Thank you to the Level Playing Field Institute for this statement of non-discrimination.

 

If you need any accommodations, please inform your recruiting contact upon initial connection.

 

Tags: AWS Azure Cloud Compliance CVSS GCP KPIs MITRE ATT&CK Nessus Open Source OWASP Qualys Vulnerabilities Vulnerability management

Perks/benefits: Career development Equity Health care Parental leave Wellness

Regions: Remote/Anywhere North America
Country: United States
Job stats:  23  6  1

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.