Senior Product Security Engineer
Based in New York, DigitalOcean is a dynamic, high-growth technology company that serves a robust and passionate community of developers, teams, and businesses around the world. We believe that today’s entrepreneurs are changing the world through software. Our mission is to empower these entrepreneurs by bringing modern app development within reach for any developer, anywhere in the world.We want people who are passionate about making the internet a safer place for everyone.
We are looking for a Product Security Engineer to solve large-scale, systemic security problems. Your work will make our million+ customers and tens of thousands of hypervisors more secure, and will help ensure that DigitalOcean is a respected and active contributor to the broader security community.
You'll report to the Director of Security Engineering and will work with the rest of DigitalOcean to find innovative ways to make the systems we build as safe as possible. Your technical contributions could include building central systems for the rest of DigitalOcean engineering to use, developing new testing tools for internal or external deployment, and advising other teams on the best ways to handle new vulnerabilities.
Our customers trust us with their data and operations, and we take that responsibility seriously. Security at DO means solving incredibly complex problems at a high-scale that have real impact for our customers, our products, and for the larger internet community.What You’ll Be Doing:
- Identify systemic problems in our environment, then develop and deploy security capabilities at scale, using languages such as Go and Ruby, and tools such as Kubernetes, Docker, and Chef.
- Partner with engineering teams to make sure that we deliver an excellent and secure workflow spanning development, deployment, and production monitoring.
- Participate in architecture reviews to identify risks in new systems and prioritize remediation work.
- Review & triage results coming from existing controls (e.g. bug bounties, image reviews, 3rd party analysis, etc.). Optimize these systems as necessary.
- Advise engineering teams on how to best address individual vulnerabilities in our environment.
- Coordinate with our SOC to improve the scope of our production monitoring.
- Participate in outreach to our engineers (e.g. developer training, office hours, internal CTFs).
- Demonstrable experience securing large scale environments under very active development.
- Demonstrable experience collaborating with internal engineering teams.
- Software engineering experience (you can write robust code with good test coverage and can point to specific examples of projects you’ve successfully delivered in the past).
- Expertise with at least one of the following languages:
Go, Ruby, Python, C/C++
- Working knowledge of modern development concepts (virtualized environments, continuous integration & delivery, containerization), network architecture, and system architecture.
- A habit of approaching security problems with creativity and flexibility that incorporates previous internal/external approaches as a data point, not a rulebook.
- Strong communication skills, both written and verbal.
- We have amazing people. We can promise you will work with some of the smartest and most interesting people in the industry. We work hard but we always have fun doing it. We care deeply about each other and take our “no jerks” rule very seriously.
- We value development. We are a high-performance organization that is always challenging ourselves to continuously grow. That means we maintain a growth mindset in everything we do and invest deeply in employee development. You’ll need to be great to get hired here and we promise you’ll get even better.
- We care about you. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym reimbursement to support your physical health, and a monthly commute allowance to make your trips to and from work easier.
- We invest in your future. We offer competitive compensation and a 401k plan with up to a 4% employer match. We also provide all employees with Kindles and reimbursement for relevant conferences, training, and education.
- We want you to love where you work. We have great office spaces located in the heart of SoHo NYC and Cambridge and offer daily catered lunches to keep your hunger at bay. We’re also very remote-friendly—we use Slack to communicate across the company—and all remote employees have the opportunity to onboard in-office and take an all-expenses paid trip to our annual company offsite, Shark Week, to get quality in-person time with the team at least once a year. We also allow employees to customize their workstations to meet their needs—whether remote or in office.
- We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Want to learn more about our Security team? Clickhere!
Want an inside look into life at DO? Clickhere to hear from our employees!