Remote Application Security Engineer

Description:

• The Information Security team is seeking an Application Security Engineer to secure DoorDash’s financial products in a cloud computing environment.
• This role involves working with engineering and security leaders to implement security strategies for financial applications.
• Responsibilities include performing manual and automated code reviews to identify vulnerabilities in APIs, microservices, and mobile apps (Android and iOS).
• The engineer will conduct regular application security assessments and define, document, and implement security standards and procedures.
• Participation in architectural and design review committees is required to provide actionable feedback.
• The role includes managing the lifecycle of application vulnerabilities from identification to remediation and reporting.
• Integration and management of security tools into the CI/CD process is essential.
• The engineer must ensure applications comply with information security policies and standards for segmentation and configuration.
• Development and implementation of secure network and process controls for Kubernetes environments are part of the job.
• The engineer will also develop tools and automated tests to improve security efficiency.

Requirements:

• Candidates must have 5+ years of experience as an application engineer or in an information security discipline.
• A deep understanding of the OWASP top 10 vulnerabilities, microservices security, and design is required.
• Interest in analyzing code, architecture, and design from a security perspective is essential.
• Proficiency in scripting languages (e.g., Python) and programming languages (e.g., Java) is necessary; Kotlin experience is a plus.
• Experience in implementing and managing CI/CD pipeline security is required.
• Familiarity with payments security or financial technology is preferred.
• A broad technical experience across various application security areas in large production environments is needed.
• Exceptional analytical and investigative abilities with hands-on experience in root cause analysis are required.
• Candidates should have a demonstrated track record of improving a company’s security posture.
• Excellent verbal and written communication skills are necessary to explain security design related to cloud infrastructure.
• Internal Bug Bounty program management experience is a plus.
• Relevant industry certifications such as GWEB, GSSP, or SSP are advantageous.

Benefits:

• DoorDash offers a comprehensive benefits package that includes a 401(k) plan with an employer match, paid time off, and paid parental leave.
• Employees receive wellness benefits and several paid holidays, along with paid sick leave in compliance with applicable laws.
• Full-time employees are provided with medical, dental, and vision benefits, as well as disability and basic life insurance.
• Additional benefits include family-forming assistance, a commuter benefit match, and a mental health program.
• Opportunities for equity grants are available in addition to the base salary, which ranges from $159,800 to $235,000 USD based on various factors.