The Threat Response Engineer in Security Operations at DoorDash is responsible for conducting investigations and response operations to mitigate threats. This role is critical for analyzing threats, building response playbooks, and enhancing the security posture of DoorDash. The engineer will work in a follow-the-sun model, collaborating with both US-based and international teams. The position requires on-call and weekend availability to ensure continuous security coverage.

• 5+ years of experience in Incident Response, Threat Hunt, and/or Security Operations.
• Experience working with Global partners in a follow-the-sun model.
• Experience with a broad range of technologies including endpoint detection and network technologies, and SOAR/SIEM platforms.
• Experience with AI / LLM technologies to help enrich and automate security operational processes.
• Computer forensics experience, including analyzing Linux and MacOS systems.
• Working knowledge of a scripting language.
• Exceptional analytical and investigative abilities.
• Experience partnering with cross functional teams to support an investigation.
• Excellent understanding of information security operations related frameworks and standards (e.g., MITRE Att&ck and NIST).
• Excellent verbal and written communication, presentation, and stakeholder management skills.

• Monitor, analyze, and correlate security alerts, logs, and events from various sources.
• Lead investigation and containment of security incidents as an incident handler.
• Prepare post-mortem reports and conduct lessons learned.
• Develop and maintain incident response playbooks and processes.
• Coordinate with cross-functional teams, internally and externally, on threats targeting DoorDash.
• Lead or participate in security tool proof-of-concepts and documentation.
• Identify opportunities for alert development based on threats to DoorDash.
• Conduct threat hunting.
• Lead training or other education and awareness opportunities for the enterprise as required.
• Use monitoring and detection platforms to investigate anomalous activity for potential insider risk.
• Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors.
• Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures.
• Participate in and support on-call rotation.