Sr. Security Engineer, Red Team

About the Team At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is paramount to the success of our business, and DoorDash Security aspires to be the world’s best security team. We are committed to protecting our people, partners, customers, and technologies with robust safeguards and unwavering vigilance.

About the Role

The Security Engineer, Red Team will be responsible for conducting threat intelligence-informed, adversary emulations to simulate real-world cyber attacks and proactively identify security improvement opportunities in the DoorDash environment. This role will work closely with cross-functional teams across the company to assess the security posture of DoorDash’s critical assets and products. You will report directly to the CISO, with the freedom and accountability to complete full scope red team operations against any valuable objectives in the company, providing a crucial feedback loop for all of our efforts in upholding customer trust. You’re excited about this opportunity because you will…

• Plan and execute realistic adversary simulations using curated threat intelligence to assess security opportunities, and detection and response capabilities
• Exercise range of expertise to include cyber, insider, fraud, and physical security Red Team testing scenarios
• Develop custom tools and payloads to test the DoorDash security posture
• Document assessment plans and report findings for technical and non-technical audiences
• Partner with Blue Teams to escalate emerging threats and develop proactive detection or defensive strategies
• Provide consultation, operational readouts, and expert solutions for complex security challenges impacting DoorDash

We’re excited about you because…

• 5+ years of experience in Red Teaming and Purple Teaming
• You are passionate about offensive security and care about improving your craft every day
• Have a deep understanding of adversary mindsets, to include experiential knowledge of advanced persistent threats (APT) and Insider Threat tactics, techniques, and procedures
• Experience partnering with cross-functional teams to secure diverse environments, providing feedback loops that articulate business risks and generate actionable intelligence
• Strong experience with multi-platform and cloud exploitation, and malware development.
• Strong knowledge of one of Kotlin, Java, Python, Powershell or Golang
• Experience using and developing tooling, methodologies and scalable infrastructure to support red team engagements capabilities (e.g. command and control frameworks, phishing environment, exploits)
• Experience with Command and Control (C2) frameworks
• Experience with Defense Evasion to bypass security tooling (e.g. Endpoint Detection and Response)
• Excellent understanding of information security operations related frameworks and standards (e.g., MITRE Att&ck)
• Experience providing technical leadership and guidance, and thinking strategically and analytically to solve problems
• Excellent communication, presentation, and stakeholder management skills
• Engages with a people-first approach, is able to facilitate a conversation rather than dictate it, and is empathetic to divergent viewpoints

We expect this position to be filled by 6/29/25. Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023, and resumed using Covey Scout for Inbound again on June 29, 2024. The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: Covey Apply Job!