Senior Product Security Engineer

Instacart
Summary
Join Instacart's dynamic security team as a Senior Security Engineer and play a critical role in ensuring the security and integrity of our products. You will design, implement, and ship high-quality security features, deploy security tools and frameworks, conduct security design reviews, collaborate with cross-functional teams, advise on security best practices, and participate in on-call rotations. This role requires a deep knowledge of security principles and the ability to identify and mitigate potential vulnerabilities. The ideal candidate will be a hybrid builder/breaker with experience in web/application penetration testing and a strong grasp of product security concepts. Instacart offers a flexible work environment and highly competitive compensation and benefits.
Requirements
- 5+ years of experience in Security Engineering or Software Engineering, demonstrating a strong grasp of product security concepts and principles
- Strong knowledge of common back-end web technologies (such as Ruby on Rails, Python, Golang, SQL, etc.) in a large-scale distributed system environment
- Experience with threat modeling, security assessments, product security concepts, and security architecture reviews
- An ability to make data-driven decisions & prioritize initiatives that improve key security metrics
- An ability to balance a sense of urgency with shipping high-quality and pragmatic solutions
- Solid self-management and organizational skills
- Experience developing tools and automation using common DevOps toolsets and programming languages (such as Python, Ruby, or Go)
Responsibilities
- Design, implement and ship high-quality security features for product and internal tools across Instacart
- Deploy and operationalize a variety of open-source and commercially available security tools and frameworks, including static and dynamic analysis, secret scanning, and IDS tools
- Conduct comprehensive security design reviews of new and existing products to identify potential security risks and develop mitigation strategies
- Collaborate with cross-functional teams, including engineering and product, to integrate security best practices into the software development process
- Advise on common best practices for security application design and architecture
- Participate in on-call rotations to support critical operations and respond to incidents with urgency
- Share knowledge and mentor other team members, promoting a culture of continuous learning and growth
Preferred Qualifications
- Bachelorβs degree in Computer Science, Engineering, Math, or related work experience
- In-depth knowledge of the best remediation techniques for different application vulnerabilities and the ability to explain them to product teams
- An ability to create written work products and detailed technical documents to work effectively with cross-functional teams and drive alignment on security objectives and plans
- Breaker experience, such as web/application penetration testing
- Experience working with highly ephemeral environments
- A security-related or architecture-related certification such as CISSP, OSCP, CEH
Benefits
- Instacart provides highly market-competitive compensation and benefits in each location where our employees work
- This role is remote
- Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants
- For Canadian based candidates, the base pay ranges for a successful candidate are listed below
- $165,000 β $214,000 CAD