Senior Security Engineer I

DigitalOceanBoston, MA
Remote

About The Position

DigitalOcean is seeking a Senior Product Security Engineer passionate about partnering with engineers to assess and mitigate the security risk of their virtualization stack. This role will own the security risk posture for the virtualization stack by building frameworks for reasoning about hypervisor risk, including systematic threat models, shared rubrics for impact and likelihood assessment, and clear communication methods for security, kernel, virtualization, and provisioning teams. The engineer will also be responsible for designing and proposing defense-in-depth mitigations and driving their implementation. As part of the Secure Design team, the engineer will report to the Manager of Secure Design and will focus on reviewing early-stage decisions, developing threat models, scaling impact through automation, curating security patterns, authoring security guidance, training, and championing security initiatives.

Requirements

  • Deep familiarity with at least one kernel security feature (ex: AppArmor, SELinux, Landlock, etc.)
  • Capable of assessing and understanding the performance implications of code changes to virtualization stacks (especially in Qemu and KVM), built from hands-on experience.
  • A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity.
  • Ability to clearly communicate security topics and vulnerability classes (e.g. memory corruption, privilege escalation, TOCTOU, etc) and ability to provide actionable direction to product teams.
  • Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery).

Nice To Haves

  • 5+ years of writing systems level code (embedded systems, kernel, assembly or similar).
  • Experience guiding software teams on secure architecture design.
  • Written code for an embedded system (raspberry pi, arduino, etc).
  • Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases.
  • An understanding of patches and mitigations for hardware side-channel attacks.
  • Familiarity with object oriented and functional programming concepts, particularly with languages such as Go, Rust, or C.

Responsibilities

  • Propose and implement mitigations and defense-in-depth to threats discovered through threat modeling the virtualization stack (90%)
  • Provide deep technical expertise in systems architecture, kernel security features and network architecture to build out a threat model for our virtualization stack
  • Identify the trade-offs of different solutions and recommend the efficient design to achieve both functional goals and security requirements.
  • Collaborate with development teams to implement remediations and defense in depth to protect DigitalOcean’s customers’ workloads.
  • Cultivate and promote a security culture (10%)
  • Mentor software engineering teams in security best practices.
  • Help oversee our vulnerability management program (we call it security debt).
  • Help DigitalOcean engineers understand how security events impact them.

Benefits

  • Competitive array of benefits
  • Employee Assistance Program
  • Local Employee Meetups
  • Flexible time off policy
  • Reimbursement for relevant conferences, training, and education
  • Access to LinkedIn Learning's 10,000+ courses
  • Bonus in addition to base salary
  • Equity compensation
  • Employee Stock Purchase Program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service