Senior Security Engineer

    • San Francisco, CA


We're looking for experienced Engineers to join our fast moving team. We work on a range of interesting and challenging problems, from supporting thousands of concurrent shoppers and processing millions of data points in real time, to determining the best route for deliveries and predicting store inventory levels.

At Instacart, we hold ourselves greatly responsible for protecting our customers', shoppers', partners' data and provide a secure platform to shop. As one of the early members of the security team, you will have a tremendous impact on Instacart's security posture and engineering culture. This is a great opportunity for someone who wants to have a large sense of ownership, grow extraordinarily in their career, develop cross-functional technical and soft skills, in not just security, but engineering overall. Our platform is complex, rapidly scaling and processing millions of transactions in real-time, all of the time.


  • Build, deploy and maintain tools to help with security intrusion detection, audit, and response.
  • Investigate and respond to security incidents, automating the investigation and/or remediation where possible
  • Conduct application design and code reviews on an ongoing basis
  • Help identify risk patterns and offer proactive defense suggestions
  • Create, review and maintain RBAC policies across AWS, GCP and Kubernetes in line with the principles of least privilege
  • Work with stakeholders across the organization, provide security training and outreach to our internal development teams to achieve a consistently high security bar

  • Experience with Python and/or Go or the desire to learn them quickly
  • Experience with Cloud Infrastructure Security (AWS/GCP) and SOA patterns
  • Solid understanding of application security concepts and best practices
  • Ability to understand application and system architectures holistically
  • Dexterity to identify, analyze, scope, contain and eradicate real-world threats
  • Experience with Secure development life-cycle (SDLC) practices including threat modelling and security testing

  • Experience with GDPR, CCPA and SOC2 compliance
  • Experience running bug bounty programs and triaging/resolving security vulnerabilities in the application layer.

Back to top