Insider Threat Investigator at DoorDash Chicago, IL
Listed on 2026-06-02
IT/Tech
Cybersecurity, Security Manager
About the Team
DoorDash is building the industry’s most scalable and reliable delivery network, supporting a three-sided marketplace of consumers, merchants, and Dashers. The Security Operations team focuses on threat response, threat hunting, intelligence, detection engineering, corporate security, and security platform engineering, with the mission to create a secure environment through proactive threat preparation and rapid response.
About the Role
The Insider Threat Investigator will be a foundational member of the Internal Investigations team within Security Operations. This role is responsible for monitoring, detecting, investigating, and responding to anomalous events and behaviors that may pose risk to the company. The investigator will analyze threat intelligence, develop use cases, conduct data analysis, execute complex investigations, drive detection engineering, write reports, advise on preventative controls, and collaborate with multiple internal teams to ensure coordinated investigation and response efforts.
Responsibilities
- Use monitoring and detection platforms to investigate anomalous activity for potential insider risk.
- Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors.
- Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures.
- Create standard operating procedures and cross‑functional processes to govern investigation and response collaboration between teams.
- Prepare investigative reports and briefings for leadership.
- Maintain chain-of‑evidence and engage with external law enforcement when required.
- Lead training or other education and awareness opportunities for the enterprise as required.
- 7+ years of experience in federal law enforcement, incident response, or insider threat investigations.
- Experience with a broad range of technologies including endpoint detection, network technologies, SOAR/SIEM platforms, User Entity Behavior Analytics (UEBA) platforms, User Activity Monitoring (UAM), and Data Loss Prevention (DLP) tools.
- Deep experience in conducting ethical, legal, and complex investigations.
- Understanding of cloud and distributed IT environments.
- Familiarity with log sources, forwarders, parsing, and data pipelines.
- Experience partnering with cross‑functional teams to support an investigation.
- Excellent understanding of information security operations frameworks and standards (e.g., MITRE ATT&CK and NIST).
- Excellent verbal and written communication, presentation, and stakeholder management skills.
- Relevant certifications (e.g., CDITR, SEI certs, ACFE, ATAP).
The role offers a competitive salary within the range $159,800—$235,000 USD, equity opportunities, and a comprehensive benefits package that includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and sick leave, medical/dental/vision coverage, 11 paid holidays, disability and life insurance, family‑forming assistance, and a mental health program.
EEO Statement
In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on race, color, ancestry, national origin, religion, age, gender, marital or domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status. Above and beyond discrimination based on these protected categories, we also strive to prevent other subtle forms of inappropriate behavior.