Senior Penetration Tester

United States | Remote | Hybrid
Employer Provided Salary: 150,000-192,000 Annually
Salary data is provided by the employer. Please note this is not a guarantee of compensation.
Do you ever wonder what happens inside the cloud?

DigitalOcean (NYSE: DOCN) simplifies cloud computing so builders can spend more time creating software that changes the world. With our mission-critical infrastructure and fully managed offerings, DigitalOcean enables startups and small and medium-sized businesses (SMBs) to rapidly deploy and scale modern applications. As a remote-first organization, our employees, like our customers, are based around the world.

We want people who are passionate about making the internet a safer place for everyone.

We’re looking for a Senior Penetration Tester to lead an internal ethical hacking function that works collaboratively alongside engineering teams to uncover vulnerabilities and weaknesses in the enterprise and consumer product environments. We believe that finding an issue is only the beginning of our work; we value cross-team coalitions and collaboration with the business to find reasonable remediations and view this post-engagement collaboration as crucial to success. Your work will make our million+ customers more secure and will help ensure that DigitalOcean is a respected contributor to the broader security community.

As a member of the Security Engineering team, you will report to the Senior Manager of Product Security. You will collaborate with other security teams and the rest of DigitalOcean to plan, coordinate, execute, and report on sophisticated ethical hacking exercises, to identify software, network, and systems vulnerabilities, and reduce the risk posture of DigitalOcean’s systems. You will also be a primary driver of our vulnerability management program, leveraging your expertise to assess contextual impact from both your engagements and other internal and external sources. You will act as a primary point of contact with security researchers in our bug bounty program. Security at DO means solving incredibly complex problems at a high-scale that have real impact for our customers, our products, and for the larger internet community.

What you’ll be doing:

Perform penetration testing engagements and find vulnerabilities in software, systems, and networks (55%)

  • Develop tools, methodologies, and infrastructure to support penetration testing engagements
  • Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics
  • Work with security and engineering teams to communicate findings, collaborate on recommendations, and inform key stakeholders
  • Provide holistic assessments of security layers across infrastructure, application, people, and process

Lead our bug bounty and vulnerability management programs (35%)

  • Act as the primary point of contact to security researchers engaged in our bug bounty program
  • Assess and triage new vulnerabilities to the vulnerability management program to determine contextual impact to the business
  • Educate security and engineering teams on topical vulnerability patterns, in coordination with teams such as fraud & abuse and threat intelligence

Cultivate and promote a security culture (10%)

  • Champion an internal security culture (developer training, internal CTFs, etc.)
  • Help DigitalOcean engineers understand how security events impact them. How does Retbleed impact DigitalOcean’s fleet? How should the company respond to the next xz-style backdoor?

There’s no coding expectation in this role beyond scripting common pentest tools, but if interested you will have the opportunity to collaborate with our wider Security Engineering team on creating paved roads and secure defaults, amongst other projects.

What we’ll expect from you:

Required qualifications:

  • 5+ years minimum of job-related experience pen testing web application and network services
  • Expert understanding of software security architecture and design, threat modeling, and mitigations for common application security issues
  • Ability to find and exploit security flaws in several of:
    • Go, React, GraphQL, PHP, and Python
    • Kubernetes and cloud environments
    • Memory and process isolation, e.g., KVM, gVisor, Kata, namespaces, cgroups
    • Network protocols, e.g., BGP, Open vSwitch, BPF
  • A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries

Preferred qualifications:

  • 2+ years minimum of job-related experience pen testing services deployed in public cloud infrastructure
  • Familiarity with a variety of vulnerability and risk assessment frameworks, such as CWSS, FAIR, and SSVC
  • Familiarity with various threat modeling concepts and frameworks, such as PASTA, DREAD, and STRIDE
  • Contributions to the security community, such as open source tools, research papers, or conference talks
  • While not required or expected, please highlight if you have any GIAC, eLearning, or similar certifications relevant to web, network, and systems penetration testing (OSCP, eCPPT, GPEN, BSCP, etc.)

Why You’ll Like Working for DigitalOcean:

  • We reward our employees. The base salary range for this position is between $150,000 - $192,000 based on relevant years of experience and skills. The salary range for this role is specific to candidates located within the U.S. and will vary for candidates outside the U.S. Employees may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees including grants of equity upon hire and the option to participate in our Employee Stock Purchase Program.
  • We value development. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that is always challenging our teams and employees to continuously grow. We maintain a growth mindset in everything we do and invest deeply in employee development through formalized mentorship and other internal programs. We provide all employees with reimbursement for relevant conferences, training, and education.
  • We care about your well-being. In addition to cash and equity compensation, we also offer employees a competitive array of benefits. In the United States, these include health insurance, flexible vacation, retirement benefits, a generous parental leave program, and additional resources to support employees' overall well-being. While the philosophy around our benefits is the same worldwide, specific benefits may vary in other countries due to local regulations and preferences.
  • We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

*This is a remote role


Technology we use

  • Languages: C++, Golang, Javascript, Perl, Python, Ruby, C, R, F#
  • Libraries: jQuery UI, React
  • Frameworks: Ember.js, Ruby on Rails
  • Databases: Cassandra, MySQL, PostgreSQL, Redis, Consul, ZK
  • Analytics: Google Analytics
  • Management: Basecamp, Confluence, JIRA, Trello
  • Email: MailChimp
  • Lead Gen: Marketo

Location

Easy to access for employees both in and outside of NYC, our HQ is located in the heart of trendy SoHo.

An Insider's view of DigitalOcean

What are some social events your company does?

We host an annual Shark Week where the entire company comes together for a week of learning, team time, opportunities to network cross-functionally, social activities, and more. We also host internal Hackathons (or Shark-a-hacks, as we call them) twice a year along with an annual Shark Day!

Olivia

Senior Manager, People Operations & Analytics

What projects are you most excited about?

I'm really excited about our Managed Databases and App Platform offerings. Getting started on a new project can be hard, let alone the overhead of setting up infrastructure. With our App Platform and Managed Databases, developers can focus their attention on writing code.

Greg

Engineer II

What makes someone successful on your team?

Success on my team is fueled by my team’s mutual respect and trust. My team has given me all of the necessary tools needed to get the job done and I am trusted to contribute to company projects that will transform the business. It is invaluable to be surrounded by a team that is just as committed to my success as I am!

Melonie

People Operations Associate

What is your vision for the company?

DO is in a unique position as the entry point to the internet for 500,000 customers today, and with the potential to reach many millions more over time. We have an incredible opportunity to help the world's developers and entrepreneurs test their ideas, build their business and realize their dreams.

Yancey

CEO

What unique initiatives do you have that encourage innovation?

DigitalOcean sources meetups, conferences, projects, non-profit organizations, student-run hackathons, and individual developers who create useful content. The ethos here is community driven, and based on love, so we go out of our way to support developers and entrepreneurs who are creating meaningful technologies and businesses.

Daniel

Senior Developer Relations Manager

What are DigitalOcean Perks + Benefits

DigitalOcean Benefits Overview

DigitalOcean benefits offerings vary by region. You can expect to enjoy things like:
- Full Health Coverage: Fully paid health benefits for all our employees.
- Commuter Benefits: Local employees receive a monthly metrocard or equivalent reimbursement for remotees
- 401k Plan: It's never too early to start saving. DigitalOcean matches up to 4% of every employee's salary
- Education Support: All employees receive reimbursement for conferences, training or education
- Fitness & Wellness Stipend: $100 per month to support your physical & mental health
- Internet & Phone Stipend: $200 per month to help support your WFH setup
- WFH Stipend: Ensure our employees are as comfortable as possible WFH!
- Monthly snack & coffee home deliveries
- Custom Workstations: Mac? PC? Linux? We’ll hook up your rig with your preferred equipment
- Flexible Vacation Time: Take the time you need to live a balanced and fulfilling personal life
- Headphones: Up to $100 for headphones of your choosing
- Teambuilding & Social Events: Hackathons, Shark Week (our annual company retreat), team offsites, anniversary parties and more

Culture

  • Open door policy
  • OKR operational model
  • Team based strategic planning
  • Open office floor plan
  • Flexible work schedule
  • Remote work program

Diversity

  • Documented equal pay policy
  • Highly diverse management team
  • Mean gender pay gap below 10%
  • Diversity employee resource groups: We launched our first 4 ERGs in June 2021
  • Hiring practices that promote diversity

Health Insurance + Wellness

  • Flexible Spending Account (FSA)
  • Disability insurance
  • Dental insurance
  • Vision insurance
  • Health insurance
  • Life insurance
  • Wellness programs
  • Team workouts: DigitalOcean's team fitness initiatives include In-office yoga.
  • Mental health benefits

Financial & Retirement

  • 401(K)
  • 401(K) matching
  • Company equity
  • Employee stock purchase plan
  • Performance bonus
  • Charitable contribution matching

Child Care & Parental Leave

  • Generous parental leave
  • Family medical leave
  • Return-to-work program post parental leave

Vacation + Time Off

  • Unlimited vacation policy
  • Generous PTO: DigitalOcean gives employees unlimited PTO
  • Paid holidays
  • Paid sick days: Employees receive unlimited days of paid sick leave.

Office Perks

  • Company-sponsored outings
  • Free snacks and drinks
  • Company-sponsored happy hours: Happy hours are hosted once per week in the warmer months.
  • Relocation assistance
  • Fitness stipend: DigitalOcean reimburses its employees up to $100 per month for fitness services and activities
  • Home-office stipend for remote employees

Professional Development

  • Job training & conferences
  • Tuition reimbursement
  • Lunch and learns: DigitalOcean hosts lunch and learn meetings weekly.
  • Promote from within
  • Mentorship program
  • Continuing education stipend
  • Customized development tracks
  • Paid industry certifications
