Security Architect (Product Security) - Digital Ocean Jobs Colorado Springs, Colorado, United States

Listing Description

Do you ever wonder what happens inside the cloud?


Headquartered in New York but based around the world, DigitalOcean is a dynamic, high-growth technology company that serves a robust and passionate community of developers around the world. Our mission is to simplify cloud computing for every developer. We are working on solving some of the most challenging and interesting technology projects around, on a scale unmatched by most.


We are looking for someone to oversee the security direction of DigitalOcean’s next generation customer role-based access management (DigitalOcean IAM) solution.


We’re looking for a senior-level Product Security Engineer to act as a security architect overseeing critical consumer-facing security features in DigitalOcean’s cloud. We believe application security best enables the enterprise when it integrates into developer lifecycles. Your work will make our million+ customers more secure and will help ensure that DigitalOcean is a respected contributor to the broader security community.


As a member of the Security Engineering team, you will report to the Manager of Product Security. You will collaborate with other security teams and the rest of DigitalOcean to guide secure architecture design and reduce security risk in the organization through the construction of guardrails and paved paths that empower engineers to make informed security decisions. Security at DO means solving incredibly complex problems at high scale that have real impact for our customers, our products, and the larger internet community.


What you’ll be doing:


Your first project will be to represent security’s perspective and expertise and drive ongoing efforts to design DigitalOcean’s next-generation role-based consumer identity access management product with a focus on simplicity and user experience. How do we make the secure path the easy path? How do we maintain an authorization model in a distributed, microservice environment? We don’t expect you to have all the answers offhand, but you should be familiar with the authorization space and have enough knowledge to understand what to research to provide product and engineering with appropriate guidance. You will begin this role ~70% dedicated to this function.



  • Partner closely with product management during planning to assess authorization features of high importance and to provide input around how a feature might be used (or misused).

  • Partner closely with engineering to design and implement solutions for customer identity access management by overseeing the security architecture design and implementation of Go services in DigitalOcean’s IAM and RBAC products.


After this embedded focus on our upcoming IAM product, you will continue to partner with customer-facing products on security designs and can expect to participate in the following Product Security missions:


Review architecture and code and provide security guidance (60%)



  • Provide holistic assessments of security layers across infrastructure, application, people, and process.

  • Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems.

  • Review source code against secure coding best practices and contribute security requirements.


Create a paved road for engineers to build securely (30%)



  • Lead the software design and implementation of security services, tools, and libraries to provide secure defaults to the rest of the organization.

  • Promote security remediations in the CI/CD pipeline by building tools and services for engineers to consume.

  • Help build the platform that ensures software development at DigitalOcean is safe, easy, and low-risk.


Cultivate and promote a security culture (10%)



  • Mentor and foster an environment of growth on the team.

  • Champion an internal security culture (e.g. developer training, internal CTFs, etc.).

  • Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE? How does RetBleed impact DigitalOcean’s fleet?


What You'll Add to DigitalOcean: 


We know you will have a unique combination of skills and don’t expect you to check every box on this list. Below are some of the skills that you have already acquired or will have the opportunity to learn while at DigitalOcean:


Required qualifications:



  • Ability to clearly communicate security topics and vulnerability classes (e.g. authorization/access control) and provide actionable direction to product teams.

  • Comfortable understanding of centralized vs. distributed authorization patterns for microservices and capable of discussing tradeoffs with engineers.

  • A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathetic guidance. Engineering teams are our partners, not our adversaries.

  • Awareness and empathy for the user and developer experience.


Preferred qualifications:



  • Experience building, reviewing, and communicating formal or informal threat models to non-security professionals and ability to craft malicious user, attacker, and abuse/misuse cases.

  • Working knowledge of hardware and software supply chain security.

  • Hands-on experience in software engineering projects. We primarily develop in Go, JavaScript, and Python. You are comfortable writing robust code with good test coverage and can point to specific examples of projects you’ve successfully delivered in the past.


Why You’ll Like Working for DigitalOcean:



  • We value development. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that is always challenging ourselves to continuously grow. We maintain a growth mindset in everything we do and invest deeply in employee development through formalized mentorship, LinkedIn Learning tracks, and other internal programs. We also provide all employees with reimbursement for relevant conferences, training, and education.

  • We care about your physical, financial and mental well-being. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym stipend to support your physical health, and a commute or internet allowance to make your trips to your office or your desk easier. We offer generous parental leave with transition time built-in upon return to work. We offer competitive compensation and a 401k plan with up to a 4% employer match. 

  • We support our remote employee experience. While we have great office spaces in NYC and Cambridge, we’re very distributed—we use a number of communication tools to connect across the company—and all remote employees have the opportunity to visit our offices and meet their teams face-to-face at team offsites. We also have an annual company offsite, Shark Week, to get quality in-person time with the entire company at least once a year. We also allow employees to outfit their workstations to meet their needs—whether remote or in office.

  • We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


*This is a remote role


 


*Salary range of $123,000-$184,000


*Bonus of 10%


*ESPP employee contribution


*Equity Programs


*Medical, Dental, Vision offered and costs covered by DigitalOcean up to 90%


*Gym Stipend of $100/month


*Internet/Phone Stipend of $200/month


*401(k) match up to 4% with no vesting


 


Department: Security

