Loading...

Senior Security Engineer, Infrastructure

Instacart at a glance

instacart.com
  • Founded 2012
  • Ticker CART
CART 48.08 USD +1.80%
  • Revenue (FY2025) $3.74B
  • Net income $447.00M

Investor research: Yahoo Finance · SEC filings

Source: Wikipedia

Instacart

We’re transforming the grocery industry

At Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.

Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.

Instacart is a Flex First team

There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.

Overview

The CAPS team at Instacart is responsible for securing Cloud infrastructure, AI systems, and Product surfaces. We work closely with all other engineering teams, enabling them to roll out new product features and internal productivity systems in a secure way. Members of the CAPS team assume ownership of security risks and find solutions that mitigate whole classes of vulnerabilities.

About the Job

  • Identify business-critical risks across Instacart’s cloud accounts, identity stack, AI/agent platforms, and product services.
  • Define remediation strategies that scale: prefer guardrails and platform changes over one-off fixes.
  • Build secure-by-default primitives — policy-as-code, paved-road infra modules, identity and access frameworks — that make the safe path the easy path for product teams.
  • Operate the SaaS and internal security platforms that back those guardrails (CSPM, IAM governance, vulnerability management, AMI/image supply chain, secrets, audit) and extend them with internal tooling when off-the-shelf falls short.
  • Lead investigations, root-cause incidents and findings, and drive variant analysis across the codebase to make sure a class of bug is gone — not just one instance.
  • Coach and mentor engineers across security and other functions.

About You

Minimum Qualifications

  • 5+ years in security engineering, with depth in at least two of: cloud security (AWS/GCP), identity & access engineering, vulnerability management at scale, or secure infrastructure platform engineering.
  • 3+ years of experience performing code reviews and design reviews.
  • Proficiency in Python or TypeScript sufficient to build and maintain internal services (APIs, scanners, dashboards) — not just glue scripts.
  • Working knowledge of cloud IAM (roles, trust policies, federation, SCPs/org policies) and the attack paths it enables when misconfigured.
  • Hands-on Infrastructure-as-Code experience (Terraform, CloudFormation, or equivalent).
  • Experience driving a remediation program end-to-end: discovery → ownership routing → fix → measurement → prevention.
  • Understanding of SaaS architectures, common risks, and threat models.
  • Experience with Variant Analysis, Root Cause Analysis, or Secure Frameworks.

Preferred Qualifications

  • Track record of security research, competitive hacking, or OSS contributions.
  • Track record building internal security platforms that other engineers actually adopt — IAM attack-path analysis, vulnerability management, supply-chain/AMI pipelines, secrets management, GRC automation, or similar.
  • Policy-as-code authoring at organization scope (OPA/Rego, Terraform Sentinel/equivalent) with disciplined test coverage and rollout/grandfathering strategies.
  • Cloud Security Posture Management (CSPM) at scale — Wiz/Prisma/equivalent, including remediation programs spanning IaC findings and live threat findings (C2, credential abuse), plus running scan infrastructure across CI fleets.
  • Identity governance experience with a modern IGA stack (ConductorOne, Sailpoint, Veza, or equivalent) including just-in-time access, auto-approval policies, and SoD constraints.
  • Experience securing AI/LLM platforms — model gateways, agent frameworks, MCP servers, prompt injection mitigations — or strong appetite to build that practice from a cloud-security foundation.

Instacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here.

Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here.

For US based candidates, the base pay ranges for a successful candidate are listed below.

CA, NY, CT, NJ
$199,000$210,000 USD
WA
$191,000$201,000 USD
OR, DE, ME, MA, MD, NH, RI, VT, DC, PA, VA, CO, TX, IL, HI
$183,000$193,000 USD
All other states
$166,000$175,000 USD

To apply for this job please visit instacart.careers.

Terms used in this posting

equity
Ownership stake in the company, usually in the form of stock options or RSUs, offered in addition to salary.

What people say about Instacart

Recent news

Aggregated from public discussions and news; opinions are the authors’ own.

Working in United States - Remote

Weather right now in United States - Remote: checking… · Local time: · Air quality: · Daylight:

Oregon is a state in the Pacific Northwest region of the United States. It is a part of the Western United States, with the Columbia River delineating much of Oregon's northern boundary with Washington, while the Snake River delineates much of its eastern boundary with Idaho. The 42° north parallel delineates the southern boundary with California and Nevada. The western boundary is formed by the P

🇺🇸 Relocation safety for US: Exercise Normal Cautionvia Warnely, CC BY 4.0

  • Elevation 75m (246 ft)

Source: Wikipedia (state)

Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.

Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.

Add application deadline to calendar

Keep exploring on Get A Job.ai

Not quite the right fit? Your next opportunity is a click away.

Hiring instead? Post a job and reach candidates searching right now.