Senior Product Security Engineer

Summary

Join Instacart's dynamic security team as a Senior Security Engineer and play a critical role in ensuring the security and integrity of our products. You will design, implement, and ship high-quality security features, deploy security tools and frameworks, conduct security design reviews, collaborate with cross-functional teams, advise on security best practices, and participate in on-call rotations. This role requires a deep knowledge of security principles and the ability to identify and mitigate potential vulnerabilities. The ideal candidate will be a hybrid builder/breaker with experience in web/application penetration testing and a strong grasp of product security concepts. Instacart offers a flexible work environment and highly competitive compensation and benefits.

Requirements

• 5+ years of experience in Security Engineering or Software Engineering, demonstrating a strong grasp of product security concepts and principles
• Strong knowledge of common back-end web technologies (such as Ruby on Rails, Python, Golang, SQL, etc.) in a large-scale distributed system environment
• Experience with threat modeling, security assessments, product security concepts, and security architecture reviews
• An ability to make data-driven decisions & prioritize initiatives that improve key security metrics
• An ability to balance a sense of urgency with shipping high-quality and pragmatic solutions
• Solid self-management and organizational skills
• Experience developing tools and automation using common DevOps toolsets and programming languages (such as Python, Ruby, or Go)

Responsibilities

• Design, implement and ship high-quality security features for product and internal tools across Instacart
• Deploy and operationalize a variety of open-source and commercially available security tools and frameworks, including static and dynamic analysis, secret scanning, and IDS tools
• Conduct comprehensive security design reviews of new and existing products to identify potential security risks and develop mitigation strategies
• Collaborate with cross-functional teams, including engineering and product, to integrate security best practices into the software development process
• Advise on common best practices for security application design and architecture
• Participate in on-call rotations to support critical operations and respond to incidents with urgency
• Share knowledge and mentor other team members, promoting a culture of continuous learning and growth

Preferred Qualifications

• Bachelor’s degree in Computer Science, Engineering, Math, or related work experience
• In-depth knowledge of the best remediation techniques for different application vulnerabilities and the ability to explain them to product teams
• An ability to create written work products and detailed technical documents to work effectively with cross-functional teams and drive alignment on security objectives and plans
• Breaker experience, such as web/application penetration testing
• Experience working with highly ephemeral environments
• A security-related or architecture-related certification such as CISSP, OSCP, CEH

Benefits

• Instacart provides highly market-competitive compensation and benefits in each location where our employees work
• This role is remote
• Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants
• For Canadian based candidates, the base pay ranges for a successful candidate are listed below
• $165,000 — $214,000 CAD