About the position
The Information Security team is looking for an Application Security Engineer to work on securing DoorDash’s Merchant products running within its cloud computing environment. You will be a part of our inclusive, collaborative team responsible for building a safe and reliable application platform. On the Security team we need to protect all of our customers' applications and business logic. It’s no simple task, but it wouldn’t be interesting if it was! This is a remote position and you will report directly into the Head of the Product Security team.
Responsibilities
- Work directly with engineering and security leaders to enact security strategies for DoorDash’s merchant applications.
- Be hands-on and perform manual and automated code reviews to identify vulnerabilities in APIs, microservices and mobile apps (Android and iOS).
- Conduct regular application security assessments.
- Define, document and implement security standards, guidelines and procedures for secure operations.
- Provide actionable feedback in engineering design reviews as part of architectural and design review committees.
- Manage the lifecycle of application vulnerabilities, from identification to remediation and reporting and metrics.
- Integrate and manage security tools into the CI/CD process.
- Ensure applications running within the cloud environment honor the requirements of information security policy and standards for segmentation and configuration.
- Develop and implement secure network and process controls for Kubernetes environments.
- Develop tools and automated tests for improving our Security efficiency.
Requirements
- 2-5 years of experience as an application engineer or in an information security discipline.
- Deep understanding of each OWASP top 10 vulnerability, microservices security and design.
- Interest in analyzing code, architecture and design from a security perspective.
- Well versed with scripting languages (e.g., python) and other programming languages (e.g., java). Kotlin experience is a plus.
- Experience with implementing and managing CI/CD pipeline security.
- Breadth of technical experience across various application security areas running in large production environments.
- Exceptional analytical and investigative abilities with hands-on experience leading root cause analysis.
- Experience solving complex, systemic issues that require creative thinking and solutions.
- Demonstrated track record of driving improvements to a company’s security posture.
- Excellent verbal and written communication skills.
Nice-to-haves
- GWEB, GSSP, SSP or other industry certifications.
Benefits
- 401(k) plan with employer matching.
- 16 weeks of paid parental leave.
- Wellness benefits.
- Commuter benefits match.
- Paid time off and paid sick leave.
- Medical, dental, and vision benefits.
- 11 paid holidays.
- Disability and basic life insurance.
- Family-forming assistance.
- Mental health program.
