Principal Engineer, Product Security

About the Team

At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is integral to the success of the business, as we secure the data and protect the privacy of our business and various stakeholders. The Product Security team is responsible for ensuring the security of DoorDash’s platform. You will be a part of our inclusive, collaborative team responsible for building a safe and reliable application platform.

About the Role

The Information Security team is looking for a Principal Engineer, Product Security who will lead planning, development, and execution on Product Security initiatives which secure DoorDash’s platform. The Principal Engineer, Product Security should have a “builder mindset” and be responsible for becoming an expert at our business and solving unique security challenges as we launch new products across each of our business verticals. This role will provide strategic direction to more junior engineers and lead our Security Partnership model working closely with our Product and Engineering teams for each business vertical. This critical role is responsible for enhancing the organization's security posture by advising on security strategies and solutions to solve challenges facing each vertical and work with more junior engineers to ship them into the product. 

You will report into the Head of Product Security, under the Chief Information Security Officer.

You’re excited about this opportunity because you will…

• Set and own strategic roadmaps for security partner pods and work directly with product, engineering and security leaders to enact security strategies for DoorDash’s platform.
• Prioritize customer experience and security design to prevent an adverse impact to the customers, merchants, and dashers from security flaws
• Advise and mentor other security engineers to build and deploy security measures and services to secure DoorDash platform and its applications across our verticals. 
• Provide senior consultation and build solutions for complex security challenges impacting DoorDash Products balancing business needs with security objectives
• Be hands-on and perform manual and automated code reviews to identify vulnerabilities in APIs, microservices and mobile apps (Android and iOS).
• Conduct regular application security assessments.
• Define, document and implement security standards, guidelines and procedures for secure operations.
• As part of architectural and design review committees, provide actionable feedback in engineering design reviews.
• Manage the lifecycle of application vulnerabilities, from identification to remediation and reporting and metrics.
• Integrate and manage security tools into the CI/CD process.
• Ensure applications running within the cloud environment honor the requirements of information security policy and standards for segmentation and configuration.
• Develop and implement secure network and process controls for Kubernetes environments.
• Develop tools and automated tests for improving our Security efficiency.

We’re excited about you because…

• 10+ years of experience as a security or product security engineer
• Experience working with Global teams managing a diverse portfolio of products
• Experience partnering with engineering, product, fraud, and others to secure diverse environments
• Experience providing technical leadership and guidance, and thinking strategically and analytically to solve problems
• Excellent communication, presentation, and stakeholder management skills
• Lead with a people-first approach, able to facilitate a conversation rather than dictate it, and is empathetic to divergent viewpoints
• Expert understanding of authorization and authentication framework and technologies.
• Expert knowledge and hands on experience to build and deploy secured microservices.
• Hands on experience on understanding, identifying and remediating each OWASP top 10 vulnerabilities and similar.
• You are interested in analyzing code, architecture and design from a security perspective
• Well versed with scripting languages (e.g., python) and other programming languages (e.g., java). Golang experience is a plus.
• Experience in building asset inventory for security observability to identify attack paths and defense mechanisms.
• Experience with implementing and managing CI/CD pipeline security
• Knowledge of supply chain security (third party, artifactory, package integrity, etc.)
• Experience in building security solutions for products that need to maintain HIPAA and PCI or other fintech products
• Breadth of technical experience across various application security areas running in large production environments.
• Experience solving complex, systemic issues that require creative thinking and solutions.
• Demonstrated track record of driving strategic improvements and building solutions to better a company’s security posture.
• Excellent verbal and written communication skills - you can explain security design with respect to cloud infrastructure to both engineering and non engineering personnel. 
• GWEB, GSSP, SSP or other industry certifications are a plus.

We expect this position to be filled by 9/9/25

Compensation

The successful candidate’s starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee’s work location. Ranges are market-dependent and may be modified in the future.

In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.

DoorDash cares about you and your overall well-being. That’s why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.

To learn more about our benefits, visit our careers page here.

See below for paid time off details:

• For salaried roles: flexible paid time off/vacation, plus 80 hours of paid sick time per year.
• For hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week).

The national base pay range for this position within the United States, including Illinois and Colorado.$231,200—$340,000 USDAbout DoorDash

At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users—from Dashers to merchant partners to consumers. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods.

DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. We're committed to supporting employees’ happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.

Our Commitment to Diversity and Inclusion

We’re committed to growing and empowering a more inclusive community within our company, industry, and cities. That’s why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel.

Statement of Non-Discrimination: In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital/domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status. Above and beyond discrimination and harassment based on “protected categories,” we also strive to prevent other subtler forms of inappropriate behavior (i.e., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place at DoorDash. We value a diverse workforce – people who identify as women, non-binary or gender non-conforming, LGBTQIA+, American Indian or Native Alaskan, Black or African American, Hispanic or Latinx, Native Hawaiian or Other Pacific Islander, differently-abled, caretakers and parents, and veterans are strongly encouraged to apply. Thank you to the Level Playing Field Institute for this statement of non-discrimination.

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

If you need any accommodations, please inform your recruiting contact upon initial connection.