Insider Threat Investigator
About the Team At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is integral to the success of the business, as we secure the data and protect the privacy of our business and various stakeholders. The Security Operations team spans several capabilities, to include Threat Response, Threat Hunt, Threat Intelligence, Detection Engineering, Corporate Security, and Security Platform Engineering. Our Mission is to create a secure DoorDash environment through proactive threat preparation and rapid response. We are committed to protecting our people, partners, customers, and technologies with robust safeguards and unwavering vigilance.
About the Role
The Insider Threat Investigator will be a foundational member of the Internal Investigations team, Security Operations. This role will be responsible for monitoring, detecting, investigating, and responding to anomalous events and behaviors that may pose risk to the company. This is a critical role that will analyze threat intelligence, develop use cases, conduct data analysis, execute complex investigations, drive detection engineering, write reports, advise on preventative controls, and collaborate with multiple internal teams to ensure coordinated investigation and response efforts. You will report into the Director, Security Operations under the Chief Information Security Officer. You’re excited about this opportunity because you will…
- Use monitoring and detection platforms to investigate anomalous activity for potential insider risk
- Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors
- Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures
- Create standard operating procedures and cross-functional processes to govern investigation and response collaboration between teams
- Prepare investigative reports and briefings for leadership
- Maintain chain-of-evidence and engage with External Law Enforcement, when required
- Lead training or other education and awareness opportunities for the enterprise as required
We’re excited about you because…
- 7+ years of experience in federal law enforcement, incident response, or insider threat investigations.
- Experience with a broad range of technologies including endpoint detection and network technologies, SOAR/SIEM platforms, User Entity Behavior Analytics (UEBA) platforms, and User Activity Monitoring (UAM), and Data Loss Prevention (DLP) tools
- Deep experience in conducting ethical, legal, complex investigations
- Understanding of cloud and distributed IT environments
- Familiarity with log sources, forwarders, parsing, and data pipelines
- Experience partnering with cross functional teams to support an investigation
- Excellent understanding of information security operations related frameworks and standards (e.g., MITRE Att&ck and NIST)
- Excellent verbal and written communication, presentation, and stakeholder management skills
- Relevant certifications (e.g. CDITR, SEI certs, ACFE, ATAP)
We expect this position to be filled by 9/9/25. Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023, and resumed using Covey Scout for Inbound again on June 29, 2024. The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: Covey Apply tot his job Apply To this Job