Security Engineer, Insider Threat

About the Team

At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is integral to the success of the business, as we secure the data and protect the privacy of our business and various stakeholders. The Security Operations team spans several capabilities, to include Threat Response, Threat Hunt, Threat Intelligence, Detection Engineering, Corporate Security, and Security Platform Engineering. Our Mission is to create a secure DoorDash environment through proactive threat preparation and rapid response. We are committed to protecting our people, partners, customers, and technologies with robust safeguards and unwavering vigilance.

About the Role

This role will be responsible for conducting investigations into anomalous events and behaviors that may pose risk to the company, while contributing to the design and development of detection and investigation capabilities to scale those efforts. This is a critical role that will analyze threat intelligence, develop use cases, conduct data analysis, execute complex investigations, drive detection engineering, write reports, advise on preventative controls, and collaborate with multiple internal teams to ensure coordinated investigation and response efforts.

You will report into the Director, Security Operations under the Chief Information Security Officer.

You’re excited about this opportunity because you will…

• Use monitoring and detection platforms to investigate anomalous activity for potential insider risk, and develop detections to proactively identify similar behaviors at scale
• Support the onboarding, implementation, and improvement of custom tooling designed to alert on anomalous behaviors
• Create and maintain a use case library to inform detections, and develop corresponding playbooks, leveraging version-controlled workflows (e.g., Git) to ensure consistency and scalability
• Create standard operating procedures and cross-functional processes to govern investigation and response collaboration between teams
• Leverage and help develop agentic and AII-assisted workflows to automate and scale insider threat investigations and detection capabilities
• Prepare investigative reports and briefings for leadership
• Maintain chain-of-evidence and engage with External Law Enforcement, when required
• Lead training or other education and awareness opportunities for the enterprise as required

We’re excited about you because…

• 2-5+ years of experience in insider threat investigations, incident response, or federal law enforcement
• Strong verbal and written communication skills with experience presenting findings to stakeholders
• Experience conducting ethical, complex investigations in partnership with Legal, HR, and cross-functional stakeholders
• Hands-on experience with insider risk and security tooling including SIEM/SOAR platforms, UEBA, UAM, and DLP tools
• Proficiency querying large-scale datasets to support investigations (e.g. SQL) and familiarity with log sources, data pipelines, and parsing
• Familiarity with scripting and automation, and experience working in cloud and distributed environments using version control