Security Engineer, Insider Threat
Job description
The role is focused on conducting investigations into anomalous events that may pose risks to DoorDash, while also contributing to the design and development of detection and investigation capabilities. The Security Operations team is dedicated to creating a secure environment through proactive threat preparation and rapid response. This position involves analyzing threat intelligence, developing use cases, and collaborating with various internal teams to ensure coordinated investigation and response efforts. The successful candidate will report to the Director of Security Operations under the Chief Information Security Officer.
Requirements
- 2-5+ years of experience in insider threat investigations, incident response, or federal law enforcement.
- Strong verbal and written communication skills with experience presenting findings to stakeholders.
- Experience conducting ethical, complex investigations in partnership with Legal, HR, and cross-functional stakeholders.
- Hands-on experience with insider risk and security tooling including SIEM/SOAR platforms, UEBA, UAM, and DLP tools.
- Proficiency querying large-scale datasets to support investigations and familiarity with log sources, data pipelines, and parsing.
- Familiarity with scripting and automation, and experience working in cloud and distributed environments using version control.
Responsibilities
- Use monitoring and detection platforms to investigate anomalous activity for potential insider risk.
- Support the onboarding, implementation, and improvement of custom tooling designed to alert on anomalous behaviors.
- Create and maintain a use case library to inform detections and develop corresponding playbooks.
- Create standard operating procedures and cross-functional processes to govern investigation and response collaboration between teams.
- Leverage and help develop agentic and AI-assisted workflows to automate and scale insider threat investigations.
- Prepare investigative reports and briefings for leadership.
- Maintain chain of evidence and engage with external law enforcement when required.
- Lead training or other education and awareness opportunities for the enterprise as required.
Benefits
