Senior Manager, Security Engineering - Purple Team

We're transforming the grocery industry

At Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.

Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.

Instacart is a Flex First team

There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.

Overview

About the Role - Instacart is seeking a Senior Manager, Purple Team to evolve and lead our proactive cybersecurity capabilities. In this strategic leadership role, you’ll oversee the integration of offensive (Red Team) and defensive (Detection Team) functions to continuously strengthen Instacart’s threat detection, response, and resilience.

You will lead multiple teams of seasoned security professionals, drive the long-term vision for adversary emulation and detection engineering, and ensure that our cybersecurity posture scales with the company’s growth.

About the Team - At Instacart, safeguarding our platform and users is core to our mission. The Purple Team is at the forefront of our cybersecurity efforts, combining offensive (Red Team) and defensive (Blue Team) expertise to identify vulnerabilities, simulate real-world threats, and strengthen our detection and response capabilities.

Operating in a dynamic, high-impact environment, the Purple Team collaborates across teams to proactively defend against evolving cyber threats, ensuring the safety and trust of millions of customers, shoppers, and partners every day. Joining this team means driving meaningful change and directly contributing to Instacart’s security-first culture.

About The Job

Detection Team Responsibilities

• Define and execute the detection engineering strategy aligned with organizational security objectives
• Establish detection coverage goals across the MITRE ATT&CK framework and other threat models
• Present metrics, roadmaps, and program updates to senior leadership and stakeholders
• Recruit, hire, and retain top detection engineering talent
• Review and approve detection logic for accuracy, performance, and coverage
• Maintain awareness of emerging threats, attack techniques, and detection methodologies
• Collaborate with Threat Intelligence to translate threat research into actionable detections
• Partner with Incident Response to develop detections based on investigation findings
• Coordinate with IT and Engineering teams on log source onboarding and data quality
• Engage with compliance and risk teams to ensure regulatory detection requirements are met

Red Team Responsibilities

• Design and execute comprehensive red team operations targeting Instacart's unique attack surface (mobile apps, web platform, logistics systems, payment processing, customer/shopper data)
• Develop annual red team roadmap aligned with business priorities and emerging threats to e-commerce platforms
• Collaborate with leadership to prioritize high-value targets and realistic threat scenarios
• Present findings and strategic recommendations to executive leadership
• Lead complex red team engagements simulating advanced persistent threats and organized cybercrime groups
• Conduct adversary emulation exercises based on threat intelligence relevant to retail, fintech, and logistics sectors
• Test security controls across cloud infrastructure (AWS/GCP), mobile applications (iOS/Android), APIs, and internal networks
• Execute social engineering campaigns against employees, shoppers, and corporate functions
• Develop custom tooling, exploits, and tradecraft specific to Instacart's technology stack

About You

Minimum Qualifications

• 10+ years of progressive experience in cybersecurity with at least 3+ years in a management or leadership role.
• Proven hands-on experience in Red Teaming, Detection Engineering, or Purple Teaming in a medium or large-scale organization.
• Thorough understanding of attack tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework, and defensive countermeasures.
• Proficiency with common security tools and platforms (e.g., SIEMs, EDR, adversary emulation frameworks, breach simulators).
• Advanced knowledge of incident detection and response processes.

Preferred Qualifications

• A degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).
• Relevant industry certifications such as CISSP, OSCP, GIAC, CEH, etc.
• Strong leadership and project management skills, with a track record of delivering measurable results.
• Exceptional verbal and written communication skills, with the ability to tailor messaging for technical and non-technical audiences.

#Li-Remote

Instacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here.

Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here.

For US based candidates, the base pay ranges for a successful candidate are listed below.

CA, NY, CT, NJ$260,000—$289,000 USDWA$249,000—$277,000 USDOR, DE, ME, MA, MD, NH, RI, VT, DC, PA, VA, CO, TX, IL, HI$239,000—$266,000 USDAll other states$216,000—$249,000 USD