Senior Product Security Engineer at DigitalOcean (Remote)
We’re looking for a Senior Product Security Engineer to solve large-scale security challenges while reducing their impact and burden on engineering. We believe application security best enables the enterprise when it integrates into developer lifecycles. Your work will make our million+ customers more secure and will help ensure that DigitalOcean is a respected contributor to the broader security community.
As a member of the Product and Infrastructure Security team, you will report to the Manager of Product Security and collaborate with other security teams and the rest of DigitalOcean to find innovative ways to make the systems we build as safe as possible. Security at DO means solving incredibly complex problems at high scale that have real impact for our customers, our products, and the larger internet community.
What you’ll be doing:
Review architecture and code and provide security guidance (60%)
- Advise engineers on how to mitigate or avoid web, API, and systems-level vulnerabilities.
- Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems.
- Review source code against secure coding best practices and contribute security requirements.
Create a paved road for engineers to build securely (20%)
- Lead the software design and implementation of security services, tools, and libraries to provide secure defaults to the rest of the organization.
- Promote security remediations in the CI/CD pipeline by building tools and services for engineers to consume.
Cultivate and promote a security culture (20%)
- Champion an internal security culture (e.g. developer training, internal CTFs, etc.).
- Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE?
We know you will have a unique combination of skills and don’t expect you to check every box on this list. Below are some of the skills that you have already acquired or will have the opportunity to learn while at DigitalOcean:
Required qualifications:
- Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and provide actionable direction to product teams.
- A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries.
- Hands-on experience in software engineering projects, preferably in languages such as Go, Ruby, Python, C/C++, or JavaScript. You can write robust code with good test coverage and can point to specific examples of projects you’ve successfully delivered in the past.
- 3+ years of experience guiding software teams on security architecture design.
Preferred qualifications:
- Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery), network architecture, and/or system architecture.
- Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases.
- Working knowledge of hardware and software supply chain security.
- We value development. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that is always challenging ourselves to continuously grow. We maintain a growth mindset in everything we do and invest deeply in employee development through formalized mentorship, LinkedIn Learning tracks, and other internal programs. We also provide all employees with reimbursement for relevant conferences, training, and education.
- We care about your physical, financial and mental well-being. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym stipend to support your physical health, and a commute or internet allowance to make your trips to your office or your desk easier. We offer generous parental leave with transition time built-in upon return to work. We offer competitive compensation and a 401k plan with up to a 4% employer match.
- We support our remote employee experience. While we have great office spaces in NYC and Cambridge, we’re very distributed—we use a number of communication tools to connect across the company—and all remote employees have the opportunity to visit our offices and meet their teams face-to-face at team offsites. We also have an annual company offsite, Shark Week, to get quality in-person time with the entire company at least once a year. We also allow employees to outfit their workstations to meet their needs—whether remote or in office.
- We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
*This is a remote role
Department: Security