Senior Product Security Engineer
We're transforming the grocery industry
Instacart is the North American leader in online grocery and one of the fastest-growing companies in e-commerce. Since 2012, we’ve been working towards creating a world where everyone has access to the food they love and more time to enjoy it together.
Groceries delivered to your door in as little as an hour. It seems simple, right? Well, it’s more complex than that. From re-routing deliveries during snowstorms, to connecting customers with coupons and deals for their favorite brands, to updating over half a billion grocery data lines every night...our efforts bring Instacart closer to being the operating system for the grocery industry.
Solving these problems is what helps our customers get back time in their day, so they can do more of what they love.
Introducing Our Hybrid Working Model
As the future of work evolves, so do we. We have a hybrid model where our roles are open to in-office, flex, or remote work. Learn more about our flexible approach to where we work.
OVERVIEW
We're looking for experienced Engineers to join our fast moving team. We work on a range of interesting and challenging problems, from supporting thousands of concurrent shoppers and processing millions of data points in real time, to determining the best route for deliveries and predicting store inventory levels.
At Instacart, we hold ourselves greatly responsible for protecting our customers', shoppers', partners' data and provide a secure platform to shop. As one of the early members of the security team, you will have a tremendous impact on Instacart's security posture and engineering culture. This is a great opportunity for someone who wants to have a large sense of ownership, grow extraordinarily in their career, develop cross-functional technical and soft skills, in not just security, but engineering overall. Our platform is complex, rapidly scaling and processing millions of transactions in real-time, all of the time.
ABOUT THE JOB
- Build, deploy and maintain tools to help with security intrusion detection, audit, and response.
- Investigate and respond to security incidents, automating the investigation and/or remediation where possible
- Conduct application design and code reviews on an ongoing basis
- Help identify risk patterns and offer proactive defense suggestions
- Create, review and maintain RBAC policies across AWS, GCP and Kubernetes in line with the principles of least privilege
- Work with stakeholders across the organization, provide security training and outreach to our internal development teams to achieve a consistently high security bar
ABOUT YOU
- Experience with Python and/or Go or the desire to learn them quickly
- Experience with Cloud Infrastructure Security (AWS/GCP) and SOA patterns
- Solid understanding of application security concepts and best practices
- Ability to understand application and system architectures holistically
- Dexterity to identify, analyze, scope, contain and eradicate real-world threats
- Experience with Secure development life-cycle (SDLC) practices including threat modelling and security testing
Desirable
- Experience with GDPR, CCPA and SOC2 compliance
- Experience running bug bounty programs and triaging/resolving security vulnerabilities in the application layer.
#LI-Remote