Role Description
We're looking for a Staff Product Security Engineer who is passionate about partnering with engineers to assess the security risk of new products and features and build secure-by-default paved roads.
As a member of the Product Security team, you will report to the Senior Manager of Product Security. Our mission is to minimize security risk while maximizing business velocity. This staff engineer will help oversee the strategic functions of two Product Security teams: Secure Design and Security Platform.
- Threat model application designs and solutions and provide security risk assessments (60%)
  - Provide deep technical expertise in software and network architecture during holistic assessments of security layers across infrastructure, application, people, and process.
  - Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems.
  - Identify the trade-offs of different solutions and recommend the most efficient design that achieves both functional goals and security requirements.
  - Provide hands-on remediation guidance to development teams.
- Build secure-by-default guardrails for engineers (30%)
  - Design and build internal tooling to provide engineering teams with secure-by-default configurations and libraries.
  - Write robust, resilient, and maintainable software, primarily in Go and Python. You may sometimes work on a frontend.
  - Prioritize the user experience (our customers are internal dev teams) to ensure security's libraries and services are the easiest, fastest way to get work done.
- Cultivate and promote a security culture (10%)
  - Champion an internal security culture (developer training, internal CTFs, etc.).
  - Mentor software engineering teams in security best practices.
  - Help oversee our vulnerability management program (we call it security debt).
  - Help DigitalOcean engineers understand how security events impact them.
Qualifications
- Experience leading architectural changes or complex cross-team efforts to mitigate security vulnerabilities.
- Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and to provide actionable direction to product teams.
- A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity.
- Strong knowledge of modern development concepts (virtualized environments, containerization, continuous integration and delivery).
Requirements
- 6+ years of experience guiding software teams on secure architecture design.
- 5+ years of experience in software engineering projects, ideally with a security focus.
- Experience building or reviewing threat models and the ability to craft malicious user, attacker, and abuse/misuse cases.
- Working knowledge of hardware and software supply chain security.
- Familiarity with technologies such as gRPC, Docker, Prometheus, Kubernetes, HashiCorp Vault, and GitHub Actions.
Benefits
- Competitive array of benefits to support well-being, including an Employee Assistance Program and a flexible time off policy.
- Reimbursement for relevant conferences, training, and education.
- Access to LinkedIn Learning's 10,000+ courses for continued growth and development.
- Salary range based on market data, relevant years of experience, and skills.
- Potential for bonuses based on company and individual performance.
- Equity compensation to eligible employees, including equity grants upon hire.