[Remote] Engineering Manager, Red Team
Note: This is a remote position open to candidates in the USA. DoorDash is a technology and logistics company that empowers local economies. They are seeking an Engineering Manager for their Red Team to lead offensive security initiatives, enhance team capabilities, and ensure effective remediation of security findings.
Responsibilities
- Define the red team's strategic roadmap — engagement cadence, target prioritization, and capability development — aligned to DoorDash's threat landscape
- Lead, coach, and grow a team of offensive security engineers. Hire intentionally to fill capability gaps as the team scales
- Stay technically involved in engagement scoping, methodology, and tooling architecture. Guide adversary simulation, not just manage it
- Drive remediation outcomes cross-functionally — partner with detection/response, AppSec, infrastructure security, and product engineering to make sure findings get fixed, not just documented
- Build purple team workflows with detection engineering to validate and improve defensive coverage
- Direct the development of red team infrastructure and custom tooling as production-quality software
- Translate offensive findings into risk language that engineers, VPs, and non-technical stakeholders can act on
- Design repeatable processes and metrics that communicate the team's value in terms of risk reduction, not just finding count
Skills
- 7+ years of offensive security experience (red teaming, adversary simulation, penetration testing) with at least 3 years managing offensive security practitioners
- Deep, hands-on red team expertise — you speak fluently about TTPs, attack chains, tradecraft, and tooling because you've done the work, not just managed it. Demonstrated player-coach balance between technical depth and management responsibilities
- Track record of shaping security strategy beyond your own team — influencing engineering, product, or infrastructure organizations to prioritize and act on findings, not just document them
- Experience with cloud-native offensive operations (AWS/GCP, Kubernetes, containerized microservices, CI/CD pipelines) and building or directing custom offensive tooling as engineered software, not just scripts
- People-first leadership — you coach, develop careers, provide honest feedback, and build team culture where offensive security practitioners grow
- Strong cross-functional influence — you can convince an engineering VP to allocate sprint capacity for remediation, partner with detection teams without being adversarial, and communicate the value of a red team in terms of risk reduction, not finding count
- Experience operating red teams at a marketplace, fintech, or logistics company at scale
- Background building or directing custom offensive tooling and C2 infrastructure
- Purple team experience — collaborative detection validation with blue team/DFIR partners
- Familiarity with threat intelligence-driven engagement scoping (mapping real adversary TTPs to organizational attack surface)
- Experience with global or distributed teams across time zones
- Relevant certifications: OSCP, OSCE, GXPN, CRTO, CRTL, or similar
Benefits
- 401(k) plan with employer matching
- 16 weeks of paid parental leave
- Wellness benefits
- Commuter benefits match
- Paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act)
- Medical, dental, and vision benefits
- 11 paid holidays
- Disability and basic life insurance
- Family-forming assistance
- Mental health program
- Flexible paid time off/vacation, plus 80 hours of paid sick time per year (For salaried roles)
- Vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week) and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week) (For hourly roles)