Security Engineer, API Security
Do you ever wonder what happens inside the cloud?
Headquartered in New York but based around the world, DigitalOcean is a dynamic, high-growth technology company that serves a robust and passionate community of developers around the world. Our mission is to simplify cloud computing for every developer. We are working on solving some of the most challenging and interesting technology projects around, on a scale unmatched by most.
We want people who are passionate about making the internet a safer place for everyone.
We're looking for an API Security Engineer to become a security expert on all things API at DigitalOcean. Your work will make our million+ customers more secure and will help ensure that DigitalOcean is a respected contributor to the broader security community.
You'll report to the Director of Product & Infrastructure Security and will work with the rest of DigitalOcean to find innovative ways to make the APIs we build as safe and resilient as possible. Our customers trust us with their data and operations, and we take that responsibility seriously. Security at DO means solving incredibly complex problems at a high scale that have real impact for our customers, our products, and for the larger internet community.
What you’ll be doing:
Collaborate with engineers to design, build, and test resilient APIs
- Learn about and become the subject matter expert on our APIs
- Conduct secure code and business logic reviews
- Reason about and suggest security improvements to API architecture
Create a paved road for engineers to build securely
- Document and evangelize secure API design patterns
- Build and promote code libraries for API security
- Automate continuous security testing for our APIs
Cultivate and promote security culture
- Participate in outreach (e.g. developer training, office hours, internal CTFs)
- Write blog posts to highlight our API security practices
What you'll add to DigitalOcean:
We know you will have a unique combination of skills and don’t expect you to check every box on this list. Below are some of the skills that you have acquired already or will have the opportunity to learn while at DigitalOcean:
- Strong communication skills, both written and verbal
- A habit of approaching security problems with creativity and flexibility that takes the entire stack into consideration
- Experience collaborating with internal engineering teams and the ability to balance tradeoffs between security and product
- Ability to manage projects with multiple security initiatives
- Hands-on experience designing, developing, and testing secure APIs (e.g. with gRPC, REST, GraphQL)
- Knowledge of secure design patterns for distributed systems
- Knowledge of authentication and authorization infrastructure (e.g. SAML, OpenID, OAuth)
- Experience building and reviewing threat models with the ability to craft malicious user, attacker, and abuse/misuse cases
- Experience with software engineering (you can write robust code with good test coverage and can point to specific examples of projects you’ve successfully delivered in the past)
- Experience with at least one of the following languages: Go, Ruby, or JavaScript
At least two of the following:
- Experience with Kubernetes, Envoy Proxy, and/or Istio Service Mesh
- Experience with distributed tracing and observability
- Experience automating API security testing into CI/CD pipelines
- Experience building secure-by-default frameworks and libraries
- Experience with mTLS
- Experience with fuzzing software for bugs and vulnerabilities
- Experience with managing and tuning WAF/RASP/DAST/IAST tools
Why You’ll Like Working for DigitalOcean:
- We value development. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that is always challenging ourselves to continuously grow. We maintain a growth mindset in everything we do and invest deeply in employee development through formalized mentorship, LinkedIn Learning tracks, and other internal programs. We also provide all employees with reimbursement for relevant conferences, training, and education.
- We care about your physical, financial and mental well-being. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym stipend to support your physical health, and a commute or internet allowance to make your trips to your office or your desk easier. We offer generous parental leave with transition time built-in upon return to work. We offer competitive compensation and a 401k plan with up to a 4% employer match.
- We support our remote employee experience. While we have great office spaces in NYC and Cambridge, we’re very distributed—we use a number of communication tools to connect across the company—and all remote employees have the opportunity to visit our offices and meet their teams face-to-face at team offsites. We also have an annual company offsite, Shark Week, to get quality in-person time with the entire company at least once a year. We also allow employees to outfit their workstations to meet their needs—whether remote or in office.
- We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Department: Security #LI-Remote