Senior Security Engineer I

Dive in and do the best work of your career at DigitalOcean. Journey alongside a strong community of top talent who are relentless in their drive to build the simplest scalable cloud. If you have a growth mindset, naturally like to think big and bold, and are energized by the fast-paced environment of a true industry disruptor, you'll find your place here. We value winning together-while learning, having fun, and making a profound difference for the dreamers and builders in the world.

We're looking for a Senior Product Security Engineer who is passionate about partnering with engineers to assess and mitigate the security risk of our virtualization stack.

You''ll own the security risk posture for our virtualization stack. You''ll get there by building the frameworks the org uses to reason about hypervisor risk - systematic threat models that surface risks, shared rubrics for assessing their impact and likelihood, and clear ways of communicating them to security, kernel, virtualization, and provisioning teams. From there, you''ll own the response: designing and proposing defense-in-depth mitigations and driving their implementation.

As a member of the Product Security team, you will report to the Manager of Secure Design. Our Secure Design team enables DigitalOcean to build secure-by-design products. We leverage strong relationships with both product teams and the rest of security engineering to be successful. The team's scope is primarily focused on reviewing early-stage decisions, developing threat models, scaling impact via automation, curating security patterns, authoring security guidance, training, and championing security initiatives.

What you'll do:

Propose and implement mitigations and defense-in-depth to threats discovered through threat modeling the virtualization stack (90%)

• Provide deep technical expertise in systems architecture, kernel security features and network architecture to build out a threat model for our virtualization stack
• Identify the trade-offs of different solutions and recommend the efficient design to achieve both functional goals and security requirements. We do not deliver mandates; we work alongside cross-functional partners to find mutually beneficial solutions.
• Collaborate with development teams to implement remediations and defense in depth to protect DigitalOcean's customers' workloads.

Cultivate and promote a security culture (10%)

• Mentor software engineering teams in security best practices.
• Help oversee our vulnerability management program (we call it security debt).
• Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Redfish or Copy Fail CVEs? How does RetBleed impact DigitalOcean's fleet?

What you'll add to DigitalOcean:

Required qualifications:

• Deep familiarity with at least one kernel security feature (ex: AppArmor, SELinux, Landlock, etc.)
• Capable of assessing and understanding the performance implications of code changes to virtualization stacks (especially in Qemu and KVM), built from hands-on experience. Experience
• A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries.
• Ability to clearly communicate security topics and vulnerability classes (e.g. memory corruption, privilege escalation, TOCTOU, etc) and ability to provide actionable direction to product teams.
• Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery).

Preferred qualifications:

• 5+ years of writing systems level code (embedded systems, kernel, assembly or similar).
• Experience guiding software teams on secure architecture design.
• Written code for an embedded system (raspberry pi, arduino, etc).
• Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases.
• An understanding of patches and mitigations for hardware side-channel attacks.
• Familiarity with object oriented and functional programming concepts, particularly with languages such as Go, Rust, or C.

Compensation Range:

• $140,000 - $175,000
• This is a remote role

JR: 2026-8011

#LI-Remote

Why You'll Like Working for DigitalOcean

• We innovate with purpose. You'll be a part of a cutting-edge technology company with an upward trajectory, who are proud to simplify cloud and AI so builders can spend more time creating software that changes the world. As a member of the team, you will be a Shark who thinks big, bold, and scrappy, like an owner with a bias for action and a powerful sense of responsibility for customers, products, employees, and decisions.
• We prioritize career development. At DO, you'll do the best work of your career. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that will always challenge you to think big. Our organizational development team will provide you with resources to ensure you keep growing. We provide employees with reimbursement for relevant conferences, training, and education. All employees have access to LinkedIn Learning''s 10,000+ courses to support their continued growth and development.
• We care about your well-being. Regardless of your location, we will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few. While the philosophy around our benefits is the same worldwide, specific benefits may vary based on local regulations and preferences.
• We reward our employees. The salary range for this position is based on market data, relevant years of experience, and skills. You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program.
• DigitalOcean is an equal-opportunity employer. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.

Application Limit: You may apply to a maximum of 3 positions within any 180-day period. This policy promotes better role-candidate matching and encourages thoughtful applications where your qualifications align most strongly.