Senior Product Security Engineer – Instacart Hiring


Website Instacart

Position Summary:

As a Product Security team, our mission is to Find, Fix & Prevent security vulnerabilities within Instacart’s products and services. The Product Security team provides guidance and tooling to the engineering and product teams that help minimize the security risk for millions of Instacart users. You will have an opportunity to lead high-impact projects across the platform and assist in improving the internal team processes. You will directly influence the security posture of many products and systems across the company.

Key Responsibilities:

  • Provide consultation to product teams in security architecture & design, and conduct security reviews of new & existing products and services.
  • Design, implement and ship high-quality security features/services for the product and internal tools across Instacart, such as:
      • Data Analytics hardening
      • Designing & implementing an authorization module for internal tools
      • Automating vulnerable dependency management process
  • Advocate & lead complex security projects from inception through completion, working closely with engineering, legal & product teams.
  • Identify unaddressed areas of security weakness and help the teams come up with efficient and scalable solutions.
  • Maintain strong knowledge of current security threats, mitigations, and operational best practices.
  • Provide security training, outreach, and guidance to our internal development teams.
  • Triage, analyze, and investigate security bug bounty issues reported to Instacart.
  • Participate in regular security on-call rotations.

Required Education & Experience:

  • Experience with Ruby and/or Python or the desire to learn them quickly
  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent work experience
  • Effective communication skills – ability to serve as a security advocate and evangelist
  • Solid understanding of the common application and infrastructure security vulnerabilities and mitigations
  • Bonus Points – Active contributor to the security community (Security research, CVEs, bug-bounty recognitions, open-source, blogs, publications…)
  • Experience with large-scale web applications and backend services, including API design, access management, authorization, authentication, data protection, and encryption
  • 7+ years of relevant Security Engineering experience within a technology organization, including software development, threat modeling, security assessments, and broader security technologies.