Senior Threat Response Engineer, Security Operations

DoorDash · Remote (Flexible / Remote)
Software Development
Excel

WFA Digital Insight

As the demand for cybersecurity experts continues to rise, with a reported 30% increase in job postings in 2025, DoorDash is seeking a highly skilled Senior Threat Response Engineer to bolster its Security Operations team. This role is particularly compelling in the current remote job market, where flexibility and expertise are valued. With the growing need for robust security measures, candidates with a strong background in incident response, threat hunting, and security operations are in high demand. DoorDash stands out for its commitment to creating a secure environment, protecting both its business and stakeholders. Before applying, candidates should be aware of the requirement for exceptional analytical and investigative abilities, as well as experience working with global partners and a broad range of technologies. As the cybersecurity landscape evolves, this role presents an exciting opportunity for the right candidate to make a significant impact.

Job Description

About the Role

The Senior Threat Response Engineer will play a critical role in DoorDash's Security Operations team, focusing on proactive threat preparation and rapid response to mitigate threats. This position entails working closely with cross-functional partners to analyze threats, build and execute response playbooks, and strengthen DoorDash's security posture. As part of a follow-the-sun 24x7 model, the successful candidate will need to be flexible and able to conduct handovers to both US-based and international teams. The role reports into the Senior Manager, Cyber Defense, under the Chief Information Security Officer, emphasizing the importance of this position within the organizational structure. Given the nature of the role, on-call and weekend availability will be required, highlighting the need for dedication and flexibility.

What You Will Do

  • Monitor, analyze, and correlate security alerts, logs, and events from various sources to identify potential threats.
  • Lead investigations and containment of security incidents, acting as an incident handler to mitigate risks.
  • Prepare post-mortem reports and conduct lessons learned exercises to improve response strategies.
  • Develop and maintain incident response playbooks and processes to ensure efficiency and effectiveness.
  • Coordinate with cross-functional teams, both internally and externally, on threats targeting DoorDash to foster a collaborative approach to security.
  • Lead or participate in security tool proof-of-concepts and documentation to stay abreast of the latest technologies and methodologies.
  • Identify opportunities for alert development based on threats to DoorDash, enhancing the company's security infrastructure.
  • Conduct threat hunting to proactively identify and mitigate potential threats.
  • Lead training or other education and awareness opportunities for the enterprise as required to promote a culture of security.
  • Use monitoring and detection platforms to investigate anomalous activity for potential insider risk, ensuring a comprehensive approach to security.
  • Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors, supporting the development of a robust security ecosystem.
  • Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures to ensure thorough incident response planning.
  • Participate in and support on-call rotation, demonstrating commitment to the role's demands.

What We Are Looking For

  • 5+ years of experience in Incident Response, Threat Hunt, and/or Security Operations, with a proven track record of success.
  • Experience working with global partners in a follow-the-sun model, highlighting the ability to work effectively in a distributed team environment.
  • Experience with a broad range of technologies, including endpoint detection and network technologies, and SOAR/SIEM platforms, demonstrating adaptability and technical competence.
  • Experience with AI/LLM technologies to help enrich and automate security operational processes, showing an understanding of cutting-edge security solutions.
  • Computer forensics experience, including analyzing Linux and macOS systems, to support thorough incident investigations.
  • Working knowledge of a scripting language, such as Python or PowerShell, to automate tasks and processes.
  • Exceptional analytical and investigative abilities, with the capacity to analyze complex data sets and identify patterns.
  • Experience partnering with cross-functional teams to support an investigation, emphasizing strong communication and collaboration skills.
  • Excellent understanding of information security operations-related frameworks and standards (e.g., MITRE ATT&CK and NIST), to ensure alignment with industry best practices.
  • Excellent verbal and written communication, presentation, and stakeholder management skills, to effectively engage with various stakeholders.

Nice to Have

  • Certification in a relevant security discipline, such as CISSP, CEH, or CFCE, to demonstrate expertise and commitment to the field.
  • Experience with cloud security platforms, such as AWS or Azure, to support the protection of cloud-based infrastructure.
  • Knowledge of DevOps practices and tools, such as Jenkins or Docker, to facilitate integration with development teams.
  • Experience with security orchestration, automation, and response (SOAR) tools, to enhance incident response efficiency.

Benefits and Perks

  • Competitive base salary, localized according to employee work location, ensuring fairness and consideration of cost of living.
  • Comprehensive benefits package, including a 401(k) plan with employer matching, to support long-term financial well-being.
  • Flexible and remote work arrangements, accommodating different work styles and promoting work-life balance.
  • Opportunities for professional growth and development, through training and education programs, to foster continuous learning and career advancement.
  • Access to the latest security tools and technologies, to stay at the forefront of the field and tackle complex challenges.
  • Collaborative and dynamic work environment, with a team of experienced security professionals, to encourage knowledge sharing and innovation.
  • Recognition and reward for outstanding performance, through various incentives and recognition programs, to motivate and appreciate employee contributions.
  • Health and wellness programs, including mental health support and employee assistance, to prioritize employee well-being and happiness.

How to Stand Out

  • Tailor your resume and cover letter to highlight your experience in incident response, threat hunting, and security operations, ensuring that your application stands out.
  • Prepare to discuss specific scenarios where you had to analyze threats, build response playbooks, and collaborate with cross-functional teams, demonstrating your problem-solving and communication skills.
  • Showcase your knowledge of security frameworks and standards, such as MITRE ATT&CK and NIST, to demonstrate your understanding of industry best practices and commitment to security.
  • Be ready to explain your experience with AI/LLM technologies and how you have used them to enrich and automate security operational processes, highlighting your adaptability to new technologies.
  • Highlight your ability to work in a fast-paced, dynamic environment, with a focus on flexibility, teamwork, and continuous learning, to demonstrate your fit for the role and the company culture.
  • Prepare questions to ask the interviewer, focusing on the company culture, team dynamics, and opportunities for growth and development, to show your interest in the role and the company.
  • Emphasize your passion for cybersecurity and your desire to make a significant impact in the field, to convey your motivation and engagement with the role and the industry.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.