Senior Security Engineer, Red Team

At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is paramount to the success of our business, and DoorDash Security aspires to be the world’s best security team. We are committed to protecting our people, partners, customers, and technologies with robust safeguards and unwavering vigilance. 

The Senior Security Engineer, Red Team will be responsible for conducting threat intelligence-informed adversary emulations to simulate real-world cyber attacks and proactively identify security improvement opportunities in the DoorDash environment. This role will work closely with cross-functional teams across the company and assess the security posture of DoorDash’s critical assets and products.

This role operates with the necessary freedom and accountability to complete full-scope Red Team operations against any valuable objectives in the company, providing a crucial feedback loop for all efforts in upholding customer trust.

• Plan and execute realistic adversary simulations using curated threat intelligence to assess security opportunities, and detection and response capabilities
• Hunt for vulnerabilities across AI systems, payment infrastructure, autonomous delivery hardware, and emerging technologies before adversaries do
• Exercise range of expertise to include cyber, insider, and fraud Red Team testing scenarios.
• Build custom tools, exploits, and payloads tailored to DoorDash's unique and evolving tech stack
• Partner with Blue Teams to escalate emerging threats and develop proactive detection or defensive strategies
• Advise leadership on emerging threats and shape the security strategy for one of the world's most complex logistics platforms

• 5+ years of experience in Red Teaming and Purple Teaming
• You are passionate about offensive security and care about improving your craft every day
• You think like an adversary. You have deep, experiential knowledge of APT and insider threat TTPs, not just theoretical familiarity
• Experience partnering with cross-functional teams to secure diverse environments, providing feedback loops that articulate business risks and generate actionable intelligence
• You've run full-scope operations across multi-platform and cloud environments, and you know how to build the malware and tooling to support them
• Strong knowledge of one of Python, Golang, Rust, Kotlin, Java, or Powershell 
• Experience using and developing tooling, methodologies and scalable infrastructure to support red team engagements capabilities (e.g. command and control frameworks, phishing environment, exploits)
• Experience with Command and Control (C2) frameworks
• Experience with Defense Evasion to bypass security tooling (e.g. Endpoint Detection and Response)
• Excellent understanding of information security operations related frameworks and standards (e.g., MITRE Att&ck)
• Experience providing technical leadership and guidance, and thinking strategically and analytically to solve problems
• Excellent communication, presentation, and stakeholder management skills
• Engages with a people-first approach, is able to facilitate a conversation rather than dictate it, and is empathetic to divergent viewpoints

Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only

We used Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provided Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023.  We resumed using Covey Scout for Inbound again on June 29, 2024, and ceased using Covey Scout for Inbound on April 30, 2026.

The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: https://getcovey.com/nyc-local-law-144.