Instacart

Compensation

Full Description

We're transforming the grocery industry At Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers. Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table. Instacart is a Flex First team There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work. Overview About the Role - As a Staff Security Engineer, Red Team, you will lead offensive security efforts to proactively identify vulnerabilities, simulate real-world threats, and measure the effectiveness of defenses across Instacart’s systems. You will design and execute creative red team campaigns while collaborating with blue teams and other stakeholders to strengthen our ability to detect, respond to, and remediate threats swiftly. Your expertise will drive improvements in the security posture of our products, platforms, and operations. About the Team - The Security Team at Instacart is focused on protecting our customers, shoppers, partners, and employees while supporting the company’s mission to create a world where everyone has access to the food they love. Our Red Team emulates adversaries to uncover weaknesses proactively and improve system-wide resilience. You'll work in a collaborative, fast-paced environment where security innovation and collaboration are central to our success. About the Job Design and execute comprehensive red team operations targeting Instacart's unique attack surface (mobile apps, web platform, logistics systems, payment processing, customer/shopper data) Develop annual red team roadmap aligned with business priorities and emerging threats to e-commerce platforms Collaborate with leadership to prioritize high-value targets and realistic threat scenarios Present findings and strategic recommendations to executive leadership Lead complex red team engagements simulating advanced persistent threats and organized cybercrime groups Conduct adversary emulation exercises based on threat intelligence relevant to retail, fintech, and logistics sectors Test security controls across cloud infrastructure (AWS/GCP), mobile applications (iOS/Android), APIs, and internal networks Execute social engineering campaigns against employees, shoppers, and corporate functions Develop custom tooling, exploits, and tradecraft specific to Instacart's technology stack About You Minimum Qualifications 7+ years of experience in offensive security, penetration testing, or a related field, with proven expertise in red team operations. Strong understanding of adversary tactics, techniques, and procedures (TTPs), as well as frameworks like MITRE ATT&CK. Skilled in developing custom exploits, tools, or scripts using programming languages (e.g., Python, Go, C/C++, etc.). Proficient in penetration testing for various environments, such as web applications, cloud infrastructures, and on-prem systems. Strong knowledge of Windows, Linux, and macOS operating systems, including relevant exploitation techniques. Experience conducting collaborative purple team exercises and improving detection and response strategies. Ability to deliver comprehensive findings and recommendations tailored to technical and non-technical audiences. Exceptional organizational and self-management skills for handling complex, cross-functional projects. Preferred Qualifications Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Engineering, or related work experience. Experience with red team tools such as Cobalt Strike, Metasploit, Empire, or similar frameworks. Familiarity with threat modeling, attack simulations, and adversary emulation frameworks. Expertise in securing modern cloud environments (AWS, GCP, Azure) and ephemeral systems like containers or serverless architectures. Recognized certifications such as OSCP, OSEP, GIAC, GXPN, or similar offensive security credentials. Strong knowledge of evasion techniques and bypassing security controls (e.g., AV, EDR, WAF). #LI-Remote Instacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here. Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here. For US based candidates, the base pay ranges for a successful candidate are listed below. CA, NY, CT, NJ $260,000—$289,000 USD WA $249,000—$277,000 USD OR, DE, ME, MA, MD, NH, RI, VT, DC, PA, VA, CO, TX, IL, HI $239,000—$266,000 USD All other states $216,000—$240,000 USD