Doordashusa

Senior Threat Response Engineer, Security Operations

operations, full-time, United States - Remote
Salary: Not listed
Work type: remote
Job type: full-time
Industry: general

About the role

About the Team

At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is integral to the success of the business, as we secure the data and protect the privacy of our business and various stakeholders. The Security Operations team spans several capabilities, including Threat Response, Detection Engineering, Corporate Security, and Security Platform Engineering. Our mission is to create a secure DoorDash environment through proactive threat preparation and rapid response. We are committed to protecting our people, partners, customers, and technologies with robust safeguards and unwavering vigilance.

About the Role

The Threat Response Engineer, Security Operations will be responsible for conducting investigations and response operations across the incident response life cycle to mitigate threats to DoorDash. This is a critical role that will work closely with cross-functional partners to analyze threats, build and execute response playbooks, and strengthen the DoorDash security posture through proactive mitigating controls. The Threat Response Engineer will be part of a follow-the-sun 24x7 model and conduct handover to both US-based and international teams. This role is open to candidates across the US, with a strong preference for candidates based in Hawaii (HST) to support follow-the-sun coverage. On-call and weekend availability will be required.

You will report into the Senior Manager, Cyber Defense in the Security Operations organization, under the Chief Information Security Officer.

You’re excited about this opportunity because you will…

  • Monitor, analyze, and correlate security alerts, logs, and events from various sources
  • Lead investigation and containment of security incidents as the incident handler
  • Prepare post-mortem reports and conduct lessons learned
  • Develop and maintain incident response playbooks and processes
  • Coordinate with cross-functional teams, internally and externally, on threats targeting DoorDash
  • Lead or participate in security tool proof-of-concepts and documentation
  • Identify opportunities for alert development based on threats to DoorDash
  • Conduct threat hunting
  • Lead training or other education and awareness opportunities for the enterprise as required
  • Use monitoring and detection platforms to investigate anomalous activity for potential insider risk.
  • Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors.
  • Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures.
  • Participate in and support on-call rotation

We’re excited about you because…

  • 5+ years of experience in Incident Response, Threat Hunt, and/or Security Operations.
  • Experience working with Global partners in a follow-the-sun model
  • Experience with a broad range of technologies including endpoint detection and network technologies, and SOAR/SIEM platforms
  • Experience with AI / LLM technologies to help enrich and automate security operational processes.
  • Computer forensics, including analyzing Linux and macOS systems.
  • Working knowledge of a scripting language
  • Exceptional analytical and investigative abilities
  • Experience partnering with cross-functional teams to support an investigation
  • Excellent understanding of information security operations related frameworks and standards (e.