Do you ever wonder what happens inside the cloud?
Headquartered in New York but based around the world, DigitalOcean is a dynamic, high-growth technology company that serves a robust and passionate community of developers around the world. Our mission is to simplify cloud computing for every developer. We are working on solving some of the most challenging and interesting technology projects around, on a scale unmatched by most.
We want people who are passionate about making the internet a safer place for everyone.
We’re looking for a Senior Product Security Engineer to solve large-scale security challenges while reducing their impact and burden on engineering. We believe application security best enables the enterprise when it integrates into developer lifecycles. Your work will make our million+ customers more secure and will help ensure that DigitalOcean is a respected contributor to the broader security community.
As a member of the Security Engineering team, you will report to the Manager of Product Security. You will collaborate with other security teams and the rest of DigitalOcean to guide secure architecture design and reduce security risk in the organization through the construction of guardrails and paved paths that empower engineers to make informed security decisions. Security at DO means solving incredibly complex problems at high scale that have real impact for our customers, our products, and for the larger internet community.
What you’ll be doing:
Review architecture and code and provide security guidance (60%)
- Provide holistic assessments of security layers across infrastructure, application, people, and process.
- Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems.
- Review source code against secure coding best practices and contribute security requirements.
Create a paved road for engineers to build securely (30%)
- Lead the software design and implementation of security services, tools, and libraries to provide secure defaults to the rest of the organization.
- Promote security remediations in the CI/CD pipeline by building tools and services for engineers to consume.
- Help build the platform that ensures software development at DigitalOcean is safe, easy, and low-risk.
Cultivate and promote a security culture (10%)
- Champion an internal security culture (e.g. developer training, internal CTFs, etc.).
- Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE? How does RetBleed impact DigitalOcean’s fleet?
What You'll Add to DigitalOcean:
We know you will have a unique combination of skills and don’t expect you to check every box on this list. Below are some of the skills that you have already acquired or will have the opportunity to learn while at DigitalOcean:
- Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and provide actionable direction to product teams.
- A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries.
- Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery).
- 3+ years of experience guiding software teams on security architecture design.
- Working knowledge of network architecture and/or system architecture.
- Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases.
- Working knowledge of hardware and software supply chain security.
Why You’ll Like Working for DigitalOcean:
- We value development. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that is always challenging ourselves to continuously grow. We maintain a growth mindset in everything we do and invest deeply in employee development through formalized mentorship, LinkedIn Learning tracks, and other internal programs. We also provide all employees with reimbursement for relevant conferences, training, and education.
- We care about your physical, financial and mental well-being. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym stipend to support your physical health, and a commute or internet allowance to make your trips to your office or your desk easier. We offer generous parental leave with transition time built-in upon return to work. We offer competitive compensation and a 401k plan with up to a 4% employer match.
- We support our remote employee experience. While we have great office spaces in NYC and Cambridge, we’re very distributed—we use a number of communication tools to connect across the company—and all remote employees have the opportunity to visit our offices and meet their teams face-to-face at team offsites. We also have an annual company offsite, Shark Week, to get quality in-person time with the entire company at least once a year. We also allow employees to outfit their workstations to meet their needs—whether remote or in office.
- We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
- This is a remote role
- Salary range of $123,000-$184,000
- Bonus of 10%
- ESPP employee contribution
- Medical, Dental, Vision offered and costs covered by DigitalOcean up to 90%
- Gym Stipend of $100/month
- Internet/Phone Stipend of $200/month
- 401(k) match up to 4% with no vesting
Department: Security