Enterprise Security Engineer

Enterprise Security is the primary point of contact for employee-focused security across DoorDash, Wolt, and Deliveroo. We deliver secure-by-default systems, processes, and controls for everyone who works here, and we build the self-service tooling that makes the secure choice the easy one. We partner closely with IT, Legal, Privacy, and Engineering to protect our people, devices, and data without slowing them down.

As an Enterprise Security Engineer, you'll help implement and operate the security controls that protect our workforce, endpoints, and corporate software environment across DoorDash, Wolt, and Deliveroo. You'll spend your time tuning the tools that keep employees secure, building automation that removes repetitive work, and partnering with teams across the company to make the secure path the easy one. It's an exciting time to join as we mature security across three global brands and lean into AI-assisted ways of working. You will report into the US Enterprise Security Team Lead on our Enterprise Security team in our Global Information Security organization.

• Implement and tune core security controls that protect employees across three global brands such as phishing-resistant multi-factor authentication, conditional access, device trust, and software-as-a-service (SaaS) posture management.
• Operate the day-to-day security stack, spanning endpoint detection and response (EDR), zero-trust network access, identity-aware proxies, browser security, and data loss prevention (DLP).
• Use AI-assisted coding tools to automate security workflows, incident response, and compliance evidence collection, verifying the output before it ships.
• Address modern SaaS risk such as shadow IT, OAuth token sprawl, and high-risk application reviews, partnering with IT and third-party risk teams.
• Help teams adopt secure-by-default baselines so that security supports their work rather than blocking it.

• You have 5+ years of experience in security engineering, enterprise security, IT security, or a related field.
• You have hands-on experience administering identity providers (e.g., Okta) and Google Workspace, and working knowledge of modern authentication standards (SAML, OAuth 2.0, OpenID Connect, FIDO2/WebAuthn).
• You have practical experience operating EDR/XDR platforms and securing macOS, Windows, and Linux endpoints through mobile device management (MDM).
• You have hands-on experience with at least one major cloud platform (e.g., AWS, GCP).
• You can write production-quality automation scripts (e.g., Python, Go) and communicate clearly in writing.

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience.
• Hands-on experience with one or more of: Tailscale, Google IAP, GitHub enterprise controls, Palo Alto Cortex, Chrome Enterprise.
• Experience with SaaS Security Posture Management (SSPM), CASB, or OAuth-scope governance.
• Experience operating DLP controls, particularly native DLP capabilities in major SaaS platforms.
• Experience with Infrastructure-as-code (e.g. Terraform) applied to security tooling.
• Experience supporting ISO 27001 or SOC 2 audits.
• Contributions to the security community (blog posts, conference talks, bug bounty, open source).
• Relevant certifications (e.g. CISSP Associate, GIAC).

• You've taken ownership of the day-to-day operation of at least one EntSec tool (e.g. Cortex policy tuning, Tailscale ACL maintenance, or GitHub user-centric controls).
• You've shipped at least one AI-assisted automation that eliminates a recurring ticket category in the Jira support queue.
• You've completed an exception-handling review of endpoint posture policies and surfaced any drift or gaps.

Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only

We used Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provided Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023.  We resumed using Covey Scout for Inbound again on June 29, 2024, and ceased using Covey Scout for Inbound on April 30, 2026.

The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: https://getcovey.com/nyc-local-law-144.