Staff Infrastructure Security Engineer

Summary

Join Instacart's fast-moving team as a Staff Infrastructure Security Engineer. This remote role focuses on enhancing the security posture of our cloud infrastructure (AWS and GCP). You will build and deploy automation tools, collaborate with the incident response team, and advise other teams on secure development practices. The position requires expertise in cloud infrastructure security, experience with various programming languages and containerized environments, and a strong understanding of system and networking fundamentals. Instacart offers competitive compensation and benefits, including equity grants and a flexible remote work policy.

Requirements

• Expertise in Cloud Infrastructure Security (AWS is a MUST with GCP or Azure strongly desirable)
• Strong experience in one or more of the following languages: Python, Ruby, Go, Shell and regularly commit code or contribute to open source projects
• Experience working with containerized environments and related orchestrations techniques (Docker and/or Kubernetes)
• Experience scaling infrastructure with code or deploying Terraform
• Functional understanding of distributed systems and service oriented architectures
• Strong system and networking fundamentals such as TCP/IP, kernel operations, memory and file system management, particularly on linux platforms
• Enjoy working collaboratively with internal customers and stakeholders and can navigate security/productivity trade-offs

Responsibilities

• Drive and improve the security posture of our cloud infrastructure AWS & GCP environment
• Build and deploy tools and services to automate enforcement of security baseline across our cloud infrastructure, including: IAM and configuration management
• Build and deploy tools and services to automate enforcement of security baseline across our cloud infrastructure, including: Container and system security and vulnerability management
• Build and deploy tools and services to automate enforcement of security baseline across our cloud infrastructure, including: PKI and secret management
• Partner with our incident response team to design and implement detection and response capability on our cloud Infrastructure
• Work closely with IT to harden and secure our corporate and endpoint infrastructure
• Provide advisory and consulting service to engineering, product and IT teams to ensure their services are built with security in mind
• Participate in the team’s on-call rotation and help drive critical infrastructure incidents to resolution

Preferred Qualifications

• Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent work experience
• Knowledge of common attack patterns/TTP as well as hardening strategies for ONE or more of the following systems: Windows/AzureAD
• Knowledge of common attack patterns/TTP as well as hardening strategies for ONE or more of the following systems: Linux
• Knowledge of common attack patterns/TTP as well as hardening strategies for ONE or more of the following systems: OSX

Benefits

• Highly market-competitive compensation and benefits
• Remote work
• Equity grant
• Annual refresh grants