Senior Security Engineer

This is a fully remote position, open to applicants in Massachusetts.

📋 Description

• Recommend and execute mitigations and layered defenses against threats identified through threat modeling of the virtualization stack (90%)

• Offer extensive technical knowledge in systems architecture, kernel security features, and network design to develop a threat model for our virtualization stack

• Assess the trade-offs between various solutions and suggest efficient designs to meet both functional objectives and security needs.

• Work collaboratively with development teams to implement remedies and layered defenses to safeguard DigitalOcean’s customers’ workloads.

• Foster and advocate a culture of security (10%)

• Guide software engineering teams in best practices for security.

• Assist in managing our vulnerability management program.

• Support DigitalOcean engineers in understanding the implications of security events on their work.

⛳️ Requirements

• Strong familiarity with at least one kernel security feature (e.g., AppArmor, SELinux, Landlock, etc.)

• Ability to evaluate and comprehend the performance impacts of code modifications to virtualization stacks (especially in Qemu and KVM), gained through practical experience.

• Proven experience in collaborating with internal engineering teams to address security challenges throughout the entire stack with empathy and innovative thinking.

• Proficient in articulating security topics and vulnerability categories (e.g., memory corruption, privilege escalation, TOCTOU, etc.) and capable of offering actionable guidance to product teams.

• Familiar with contemporary development concepts (virtualized environments, containerization, continuous integration + delivery).

• Over 5 years of experience writing systems-level code (embedded systems, kernel, assembly, or similar).

• Experience in advising software teams on secure architecture design.

• Written code for embedded systems (e.g., Raspberry Pi, Arduino, etc.).

• Experience in constructing or evaluating threat models and the ability to create malicious user, attacker, and abuse/misuse scenarios.

• Understanding of patches and mitigations for hardware side-channel attacks.

• Familiarity with object-oriented and functional programming concepts, particularly in languages such as Go, Rust, or C.

🏝️ Benefits

• Competitive salary

• Flexible working hours

• Professional development resources

• Employee Assistance Program

• Local Employee Meetups

• Flexible time off policy

• Employee Stock Purchase Program