Senior Product Security Engineer: Penetration Testing
Have you ever wondered what happens inside the cloud?
Based in New York, DigitalOcean is a dynamic, high-growth technology company that serves a robust and passionate community of developers, teams, and businesses around the world. We believe that today’s entrepreneurs are changing the world through software. Our mission is to empower these entrepreneurs by bringing modern app development within reach for any developer, anywhere in the world.
We want people who are passionate about making the internet a safer place for everyone.
We’re looking for a product security engineer with experience pentesting and assessing large-scale systems, and with the communication and personal skills to help build a program. Your work will make our million+ customers more secure, and will help ensure that DigitalOcean is a respected and active contributor to the broader security community.
You’ll report to the Director of Security Engineering. Your technical contributions could include pentesting our public offerings & internal services, building attack models, and impersonating specific actors in our environment. Your non-technical contributions could include mentoring other members of the security team, expanding our bug bounty program, and helping to guide the direction of DigitalOcean’s testing program.
What You’ll Be Doing:
- Identify, plan, and execute penetration tests of varying scopes on DigitalOcean’s production environment.
- Identify, plan, and execute assessments on DigitalOcean’s public-facing environment.
- Build realistic attack models for DigitalOcean: what attackers of varying skill and motivation would actually do in our environment.
- Train other members of DigitalOcean’s security team on how to perform assessments, and mentor them through basic testing work.
- Be a technical point of contact when we engage with outside testing companies.
- Work with our SOC and Security Engineering teams on effective attack detection.
- Advise DO Engineering teams on how to best remediate specific vulnerabilities.
- Help to manage our bug bounty program.
What We’ll Expect From You:
- Demonstrable, thorough experience performing penetration tests on complex environments.
- Working knowledge of modern development concepts (virtualized environments, continuous integration & delivery, containerization), network architecture, and system architecture.
- Demonstrable experience collaborating with internal engineering teams.
- A habit of approaching problems with creativity.
- Solid communication skills, both written and verbal.
- Experience automating common testing tasks.
- Desire to be a technical leader in this space.
- Experience with bug bounty programs, either managing or submitting.
- Practical testing certifications (e.g. OSCP).
Why You’ll Like Working for DigitalOcean:
- We have amazing people. We can promise you will work with some of the smartest and most interesting people in the industry. We work hard but we always have fun doing it. We care deeply about each other and take our “no jerks” rule very seriously.
- We value development. We are a high-performance organization that is always challenging ourselves to continuously grow. That means we maintain a growth mindset in everything we do and invest deeply in employee development. You’ll need to be great to get hired here and we promise you’ll get even better.
- We care about you. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym reimbursement to support your physical health, and a monthly commute allowance to make your trips to and from work easier.
- We invest in your future. We offer competitive compensation and a 401k plan with up to a 4% employer match. We also provide all employees with Kindles and reimbursement for relevant conferences, training, and education.
- We want you to love where you work. We have great office spaces located in the heart of SoHo NYC and Cambridge and offer daily catered lunches to keep your hunger at bay. We’re also very remote-friendly—we use Slack to communicate across the company—and all remote employees have the opportunity to onboard in-office and take an all-expenses paid trip to our annual company offsite, Shark Week, to get quality in-person time with the team at least once a year. We also allow employees to customize their workstations to meet their needs—whether remote or in office.
- We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Want to learn more about our Security team? Clickhere!
Want an inside look into life at DO? Clickhere to hear from our employees!