Enterprise Security Engineer

About the Team Enterprise Security is the primary point of contact for employee-focused security across DoorDash, Wolt, and Deliveroo. We deliver secure-by-default systems, processes, and controls for everyone who works here, and we build the self-service tooling that makes the secure choice the easy one. We partner closely with IT, Legal, Privacy, and Engineering to protect our people, devices, and data without slowing them down. About the Role As an Enterprise Security Engineer, you'll help implement and operate the security controls that protect our workforce, endpoints, and corporate software environment across DoorDash, Wolt, and Deliveroo. You'll spend your time tuning the tools that keep employees secure, building automation that removes repetitive work, and partnering with teams across the company to make the secure path the easy one. It's an exciting time to join as we mature security across three global brands and lean into AI-assisted ways of working. You will report into the US Enterprise Security Team Lead on our Enterprise Security team in our Global Information Security organization. You're excited about this opportunity because you will... • Implement and tune core security controls that protect employees across three global brands such as phishing-resistant multi-factor authentication, conditional access, device trust, and software-as-a-service (SaaS) posture management. • Operate the day-to-day security stack, spanning endpoint detection and response (EDR), zero-trust network access, identity-aware proxies, browser security, and data loss prevention (DLP). • Use AI-assisted coding tools to automate security workflows, incident response, and compliance evidence collection, verifying the output before it ships. • Address modern SaaS risk such as shadow IT, OAuth token sprawl, and high-risk application reviews, partnering with IT and third-party risk teams. • Help teams adopt secure-by-default baselines so that security supports their work rather than blocking it. We're excited about you because... • You have 5+ years of experience in security engineering, enterprise security, IT security, or a related field. • You have hands-on experience administering identity providers (e.g., Okta) and Google Workspace, and working knowledge of modern authentication standards (SAML, OAuth 2.0, OpenID Connect, FIDO2/WebAuthn). • You have practical experience operating EDR/XDR platforms and securing macOS, Windows, and Linux endpoints through mobile device management (MDM). • You have hands-on experience with at least one major cloud platform (e.g., AWS, GCP). • You can write production-quality automation scripts (e.g., Python, Go) and communicate clearly in writing. Nice to Haves • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. • Hands-on experience with one or more of: Tailscale, Google IAP, GitHub enterprise controls, Palo Alto Cortex, Chrome Enterprise. • Experience with SaaS Security Posture Management (SSPM), CASB, or OAuth-scope governance. • Experience operating DLP controls, particularly native DLP capabilities in major SaaS platforms. • Experience with Infrastructure-as-code (e.g. Terraform) applied to security tooling. • Experience supporting ISO 27001 or SOC 2 audits. • Contributions to the security community (blog posts, conference talks, bug bounty, open source). • Relevant certifications (e.g. CISSP Associate, GIAC). What success looks like in your first 6 months • You've taken ownership of the day-to-day operation of at least one EntSec tool (e.g. Cortex policy tuning, Tailscale ACL maintenance, or GitHub user-centric controls). • You've shipped at least one AI-assisted automation that eliminates a recurring ticket category in the Jira support queue. • You've completed an exception-handling review of endpoint posture policies and surfaced any drift or gaps. Applications for this position are accepted on an ongoing basis Compensation The successful candidate's starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee's work location. Ranges are market-dependent and may be modified in the future. In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information. DoorDash cares about you and your overall well-being. That's why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability