Head of Product Security

Overview

The Security Engineering organization at Instacart is responsible for protecting the security and privacy of Instacart’s products, data, and users. With the right mix of engineering rigor, thoughtful tooling, and cross-functional partnership, we can meaningfully elevate our security posture while still moving quickly.

We are seeking a Head of Product Security to lead and scale our product security programs across Instacart’s consumer, shopper, retailer, and enterprise product lines. This leader will drive the long-term vision for how product security supports our business, guiding multiple teams across offensive security, secure architecture, threat modeling, and developer enablement. You will work closely with senior engineering and product leaders to embed security into fast-paced development cycles and ensure Instacart continues to ship secure, reliable products at scale. This is a high-impact role in a dynamic, rapidly evolving environment - ideal for a leader who thrives in ambiguity, enjoys building teams and systems from the ground up, and is energized by complex technical and organizational challenges.

About the Job

• Define and lead Instacart’s long-term product security strategy, driving measurable improvements across all product surfaces.
• Lead multiple product security teams, setting clear direction across offensive security, secure design, architecture reviews, and security tooling.
• Partner with engineering and product orgs to integrate security seamlessly into the SDLC, enabling high-velocity development without compromising security.
• Build scalable, durable capabilities by operationalizing security tooling, frameworks, and workflows used across engineering teams.
• Guide teams through complex offensive security engagements to uncover security defects, anti-patterns, and emerging risks, driving mitigation plans across the organization.
• Design and implement security controls for cloud environments (AWS, GCP, etc.)
• Build a security-first culture across engineering and operations teams

About You

Minimum Qualifications

• Bachelor’s degree in Computer Science, Engineering, Math, or equivalent industry experience.
• 10+ years of progressive experience in Security Engineering, Product Security, and Offensive Security/Penetration Testing, ideally in a high-scale, dynamic environment.
• 5+ years leading and scaling multi-disciplinary security teams, including managing managers, responsible for large-scale production systems in high-stakes domains.
• Deep expertise in driving secure architecture, advanced threat modeling, and application of security research to proactively identify and mitigate emerging risks at scale in mission-critical systems.
• Strong understanding of emerging threats, including AI/ML related attacks, to drive measurable risk reduction across the organization, with a proven ability to manage crises and high-impact security events.
• Extensive experience securing cloud infrastructure (AWS, Azure, or GCP)
• Experience with DevSecOps, CI/CD security integration, and automation
• Knowledge of container security (Docker, Kubernetes) and microservices architectures
• Experience with infrastructure-as-code (Terraform, CloudFormation, Ansible)
• Strong ability to make data-driven decisions and prioritize initiatives that meaningfully improve key security metrics.
• Excellent communication skills with technical and non-technical stakeholders

Preferred Qualifications

• Familiarity with compliance or privacy frameworks such as SOC 2, GDPR, PCI, or HIPAA.
• AI Red Teaming and Responsible AI skills