[Remote] Senior Product Security Engineer, Secure Design
Note: The job is a remote job and is open to candidates in USA. DigitalOcean is a cutting-edge technology company focused on simplifying cloud solutions for builders. They are seeking a Senior Product Security Engineer to assess security risks of new products and features, collaborate with teams to guide secure architecture design, and promote a security culture within the organization.
Responsibilities
- Threat model application designs and solutions and provide security risk assessments (70%)
- Provide deep technical expertise in software and network architecture during holistic assessments of security layers across infrastructure, application, people, and process
- Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems
- Identify the trade-offs of different solutions and recommend the efficient design to achieve both functional goals and security requirements
- Provide hands-on remediation guidance to development teams
- Cultivate and promote a security culture (20%)
- Champion an internal security culture (developer training, internal CTFs, etc.)
- Mentor software engineering teams in security best practices
- Help oversee our vulnerability management program (we call it security debt)
- Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE? How does RetBleed impact DigitalOcean’s fleet?
- Build security tooling and automations to help scale the Product Security team's practices (10%)
- Use software architecture and coding patterns to reduce the impact of security issues
- Drive architecture, patterns, and processes across engineering that make security the easiest path
- Integrate custom security tooling into engineering workflows
Skills
- Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities
- Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and ability to provide actionable direction to product teams
- A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries
- Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery)
- 3+ years experience guiding software teams on secure architecture design
- Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases
- Working knowledge of hardware and software supply chain security
- Familiarity with object oriented and functional programming concepts, particularly with languages such as Go, JavaScript, Rust, or C
Benefits
- Reimbursement for relevant conferences, training, and education
- Access to LinkedIn Learning's 10,000+ courses
- Employee Assistance Program
- Local Employee Meetups
- Flexible time off policy
- Bonus based on company and individual performance
- Equity compensation including equity grants upon hire and the option to participate in our Employee Stock Purchase Program
Company Overview
- DigitalOcean provides a cloud platform to deploy, manage, and scale applications of any size. It was founded in 2012, and is headquartered in New York, New York, USA, with a workforce of 1001-5000 employees. Its website is http://www.digitalocean.com.
Company H1B Sponsorship
- DigitalOcean has a track record of offering H1B sponsorships, with 27 in 2025, 8 in 2024, 9 in 2023, 22 in 2022, 11 in 2021, 2 in 2020. Please note that this does not guarantee sponsorship for this specific role.
Apply tot his job Apply To this Job