Job Description

Locations

• United States, United States (Remote)

Salary

Skills Required

• Security Engineeringintermediate
• Product Securityintermediate
• Offensive Security/Penetration Testingintermediate
• Secure architectureintermediate
• Threat modelingintermediate
• Security researchintermediate
• Cloud infrastructure (AWS, Azure, GCP)intermediate
• DevSecOpsintermediate
• CI/CD security integrationintermediate
• Automationintermediate
• Container security (Docker, Kubernetes)intermediate
• Microservices architecturesintermediate
• Infrastructure-as-code (Terraform, CloudFormation, Ansible)intermediate
• Data-driven decision makingintermediate
• Communication skillsintermediate
• AI/ML related attacksintermediate
• AI Red Teamingintermediate
• Responsible AIintermediate

Required Qualifications

• Bachelor’s degree in Computer Science, Engineering, Math, or equivalent industry experience. (experience)
• 10+ years of progressive experience in Security Engineering, Product Security, and Offensive Security/Penetration Testing, ideally in a high-scale, dynamic environment. (experience)
• 5+ years leading and scaling multi-disciplinary security teams, including managing managers, responsible for large-scale production systems in high-stakes domains. (experience)
• Deep expertise in driving secure architecture, advanced threat modeling, and application of security research to proactively identify and mitigate emerging risks at scale in mission-critical systems. (experience)
• Strong understanding of emerging threats, including AI/ML related attacks, to drive measurable risk reduction across the organization, with a proven ability to manage crises and high-impact security events. (experience)
• Extensive experience securing cloud infrastructure (AWS, Azure, or GCP) (experience)
• Experience with DevSecOps, CI/CD security integration, and automation (experience)
• Knowledge of container security (Docker, Kubernetes) and microservices architectures (experience)
• Experience with infrastructure-as-code (Terraform, CloudFormation, Ansible) (experience)
• Strong ability to make data-driven decisions and prioritize initiatives that meaningfully improve key security metrics. (experience)
• Excellent communication skills with technical and non-technical stakeholders (experience)

Preferred Qualifications

• Familiarity with compliance or privacy frameworks such as SOC 2, GDPR, PCI, or HIPAA. (experience)
• AI Red Teaming and Responsible AI skills (experience)

Responsibilities

• Define and lead Instacart’s long-term product security strategy, driving measurable improvements across all product surfaces.
• Lead multiple product security teams, setting clear direction across offensive security, secure design, architecture reviews, and security tooling.
• Partner with engineering and product orgs to integrate security seamlessly into the SDLC, enabling high-velocity development without compromising security.
• Build scalable, durable capabilities by operationalizing security tooling, frameworks, and workflows used across engineering teams.
• Guide teams through complex offensive security engagements to uncover security defects, anti-patterns, and emerging risks, driving mitigation plans across the organization.
• Design and implement security controls for cloud environments (AWS, GCP, etc.)
• Build a security-first culture across engineering and operations teams

Tags & Categories