Engineering Manager, Red Team

About The Position

Requirements

• 7+ years of offensive security experience (red teaming, adversary simulation, penetration testing) with at least 3 years managing offensive security practitioners.
• Deep, hands-on red team expertise — you speak fluently about TTPs, attack chains, tradecraft, and tooling because you've done the work, not just managed it. Demonstrated player-coach balance between technical depth and management responsibilities.
• Track record of shaping security strategy beyond your own team — influencing engineering, product, or infrastructure organizations to prioritize and act on findings, not just document them.
• Experience with cloud-native offensive operations (AWS/GCP, Kubernetes, containerized microservices, CI/CD pipelines) and building or directing custom offensive tooling as engineered software, not just scripts.
• People-first leadership — you coach, develop careers, provide honest feedback, and build team culture where offensive security practitioners grow.
• Strong cross-functional influence — you can convince an engineering VP to allocate sprint capacity for remediation, partner with detection teams without being adversarial, and communicate the value of a red team in terms of risk reduction, not finding count.

Nice To Haves

• Experience operating red teams at a marketplace, fintech, or logistics company at scale.
• Background building or directing custom offensive tooling and C2 infrastructure.
• Purple team experience — collaborative detection validation with blue team/DFIR partners.
• Familiarity with threat intelligence-driven engagement scoping (mapping real adversary TTPs to organizational attack surface).
• Experience with global or distributed teams across time zones.
• Relevant certifications: OSCP, OSCE, GXPN, CRTO, CRTL, or similar.

Responsibilities

• Define the red team's strategic roadmap — engagement cadence, target prioritization, and capability development — aligned to DoorDash's threat landscape.
• Lead, coach, and grow a team of offensive security engineers. Hire intentionally to fill capability gaps as the team scales.
• Stay technically involved in engagement scoping, methodology, and tooling architecture. Guide adversary simulation, not just manage it.
• Drive remediation outcomes cross-functionally — partner with detection/response, AppSec, infrastructure security, and product engineering to make sure findings get fixed, not just documented.
• Build purple team workflows with detection engineering to validate and improve defensive coverage.
• Direct the development of red team infrastructure and custom tooling as production-quality software.
• Translate offensive findings into risk language that engineers, VPs, and non-technical stakeholders can act on.
• Design repeatable processes and metrics that communicate the team's value in terms of risk reduction, not just finding count.

Benefits

• comprehensive benefits package to all regular employees
• 401(k) plan with employer matching
• 16 weeks of paid parental leave
• wellness benefits
• commuter benefits match
• paid time off
• paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act)
• medical benefits
• dental benefits
• vision benefits
• 11 paid holidays
• disability and basic life insurance
• family-forming assistance
• mental health program
• flexible paid time off/vacation (for salaried roles)
• 80 hours of paid sick time per year (for salaried roles)
• vacation accrued at about 1 hour for every 25.97 hours worked (for hourly roles)
• paid sick time accrued at 1 hour for every 30 hours worked (for hourly roles)
• equity grants
• premium healthcare
• wellness expense reimbursement