Full-Time

Product Security Engineer

Posted on 8/29/2024

DigitalOcean

DigitalOcean

1,001-5,000 employees

Cloud computing platform for developers and businesses

Compensation Overview

$100k - $180kAnnually

+ Bonus + Equity Compensation

Junior, Mid

Remote in USA

This is a remote role.

Category
Cybersecurity
IT & Security
Required Skills
Python
JavaScript
Requirements
  • Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and provide actionable direction to product teams.
  • A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries.
  • Hands-on experience in software engineering projects. We primarily develop in Go, JavaScript, and Python. You are comfortable writing code with good test coverage.
  • Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery).
Responsibilities
  • Review architecture and code and provide security guidance (70%)
  • Provide holistic assessments of security layers across infrastructure, application, people, and process.
  • Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems.
  • Review source code against secure coding best practices and contribute security requirements.
  • Create a paved road for engineers to build securely (20%)
  • Drive the software design and implementation of security services, tools, and libraries to provide secure defaults to the rest of the organization.
  • Promote security remediations in the CI/CD pipeline by building tools and services for engineers to consume (e.g. custom Semgrep implementation, developer-first secrets management).
  • Help build the platform that ensures software development at DigitalOcean is safe, easy, and low-risk.
  • Cultivate and promote a security culture (10%)
  • Champion an internal security culture (developer training, internal CTFs, etc.).
  • Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE? How does RetBleed impact DigitalOcean’s fleet?

DigitalOcean provides cloud computing services designed to help developers and businesses focus on building software. Its platform offers mission-critical infrastructure and fully managed services that enable users to quickly build, deploy, and scale applications. DigitalOcean's products work by providing a user-friendly interface and tools that simplify the management of cloud resources, allowing users to allocate computing power, storage, and networking capabilities as needed. What sets DigitalOcean apart from its competitors is its emphasis on simplicity, a strong community, and open-source support, which makes it easier for users to get started and find help. The company's goal is to empower developers and small to medium-sized businesses to innovate and grow by reducing the time spent on infrastructure management.

Company Size

1,001-5,000

Company Stage

IPO

Total Funding

$168.5M

Headquarters

New York City, New York

Founded

2012

Simplify Jobs

Simplify's Take

What believers are saying

  • DigitalOcean's IPv6 support enhances scalability and future-proofs their infrastructure.
  • Membership in the Ceph Foundation strengthens DigitalOcean's data storage solutions.
  • Droplet Autoscale Pools address the need for effortless workload scaling.

What critics are saying

  • CoreWeave's AI-focused services could draw customers away from DigitalOcean.
  • Vultr's valuation increase indicates growing competition in the cloud market.
  • Bare Metal GPUs may not compete with established AI cloud providers.

What makes DigitalOcean unique

  • DigitalOcean offers a no DevOps required experience for developers.
  • The company focuses on simplicity and open-source solutions for cloud computing.
  • DigitalOcean's customer service is a key differentiator in the cloud market.

Help us improve and share your feedback! Did you find this helpful?

Benefits

Remote-first

Full health coverage

Wellness coverage

Flexible vacation time

Team-building & social events

401(k) plans

ESPP

Education support

Partner support

Employee giving

Growth & Insights and Company News

Headcount

6 month growth

0%

1 year growth

0%

2 year growth

-3%
Securities.io
Mar 3rd, 2025
Coreweave: The Cloud Ai Hyperscaler

AI Computing As A ServiceAI is becoming increasingly important in almost every business, with progressively more powerful models, including very efficient, cheap, and open-source ones like DeepSeek.However, this need for computation linked to AI can be highly variable, making it rational for most users to depend on cloud services to provide it instead of directly owning the required chips and data centers. The same can be true for other compute-heavy tasks, like special effects generations.One solution to access such cloud services is to rely on the big cloud providers, like Amazon’s AWS (AMZN -2.02%), Google Cloud (GOOGL -0.9%), or Microsoft’s Azure(MSFT -0.69%).Another option is to go directly to an AI-focused cloud provider, with infrastructure entirely dedicated to the type of computing hardware required by AI calculations.One of the largest providers of this kind is CoreWeave, which has been piling up GPUs since 2017. CoreWeave is now looking at filing for an IPO raising $4B, which would bring its valuation to $35B.So investors might want to know more about the company and how it is positioned to benefit from the AI boom, even while incertitude piles up on the future of the industry regarding the computation power truly needed.History of CoreWeaveCoreWeave is a newcomer in the cloud computing industry, having been founded in 2017. It initially specialized in computing for the cryptocurrency industry with GPUs (Graphics Processing Unit).GPUs are initially chips designed for graphic calculation, often for 3D video games. They are dedicated to performing thousands of simple calculations in parallel, instead of a few complex ones at a time, like processors (CPUs).As it turned out, GPUs were a perfect design for the type of calculation required for cryptocurrency mining, and also for AI using neural networks, resulting in explosive growth and leadership in AI hardware for GPU specialist Nvidia (NVDA -7.18%).(You can read more about the investment case for Nvidia in our dedicated report).Then, in 2019, it moved on to a more generalized cloud offer, still specialized in GPU-based calculation.The early acquisition of a massive amount of GPUs by CoreWeave made it a key partner for AI startups looking for extra computing power.“People were still able to access GPUs last year, but when it became extremely tight, all of a sudden it was like, where do we get these things?AI companies that were using CoreWeave spread the word to VCs, he added, who suddenly saw a gold mine: “They said, ‘Why aren’t we speaking to these guys’?”Brannin McBee – CoreWeave co-founder chief strategy officerBeing at the right place at the time gave access to plenty of capital for growth to CoreWeave, with multiple fundraising rounds, up to a $1.1B one in 2024.“We believe CoreWeave has emerged as a key leader in building the mission-critical infrastructure foundation required to satisfy society's current and future demand for high-performance compute at scale to power the generative AI revolution.”Philippe Laffont, Founder Portfolio Manager of CoreWeave. CoreWeave OverviewSo far, the company has been mostly building its infrastructure in the US, with North America hosting most of its servers, and 3 installed in Europe.CoreWeave constantly monitors the “health” of its equipment, identifying potential issues proactively and reducing the risk of downtime or underperformance of its servers.In addition to the computing capacities, CoreWeave provides a high level of security to its servers, a critical question considering the question of data privacy and safety that surrounds AI, as well as the intense competition from US and overseas firms.While technically a competitor to Big Tech firms, CoreWeave can also be seen by them as a valued partner, with Microsoft, notably, being the company's biggest customer.In 2024, CoreWeave made around $2B in revenue and has a very aggressive growth target of $8B for 2025.A key center of AI cloud services provided by CoreWeave is flexibility

DigitalOcean
Mar 3rd, 2025
Scale smarter with DigitalOcean's latest networking upgrades

Today, DigitalOcean, Inc. is excited to announce three key networking enhancements: Network Load Balancer, IPv6 for Load Balancers, and Reserved IPv6 for Droplets.

StartUp Online
Dec 27th, 2024
Hogyan Vonj Be Series A Befektetést?

Amikor egy startup Series A befektetést von be, esélyt kap arra, hogy a világmegváltó ötletből tényleg egy hosszútávon nyereséges vállalkozást faragjon. Ahhoz, hogy alapítóként minél felkészültebben állhass a befektetők elé, hozunk pár tippet.Az egyik legnagyobb mérföldkő egy startup életében, amikor a seed fázist követően sikerül bevonnia egy Series A befektetést. Ekkor adódik meg ugyanis az esély arra, hogy a világmegváltó ötletből tényleg egy hosszútávon működőképes és nyereséges vállalkozás legyen.Ekkorra van már a startupnak jó eséllyel egy piaci validáción átesett terméke vagy szolgáltatása, akár néhány alkalmazottja is, és ahhoz keresi a forrást, hogy azt még tovább fejlessze, bővítse a csapatát, miközben kilép a piacra, és elkezd érdemben bevételt termelni.Ennek megfelelően egy Series A befektetés nagyságrendekkel nagyobb, mint az azt megelőző pre-seed és seed finanszírozás összege. Csak hogy két idei példával érzékeltessük: amíg a magyar edtech AI-startup, a Voovo pre-seed befektetésként 500 ezer dollárt (közel 460 ezer eurót) vont be, addig az úgyszint magyar, BNPL (buy now, pay later) PastPay ennek több mint 260-szorosát, 12 millió eurós dealt ütött nyélbe Series A befektetésként.Mindezek miatt kiváltképp fontos, hogy az alapítók felkészülten álljanak azon kockázatitőke-befektetők elé, akiktől a Series A kört várják. A Sifted cikke alapján ehhez adunk pár tippet.A nagy képet nézd!Amíg egy pre-seed vagy seed fázisban még a jó ötletet, illetve a motivált alapítókat és csapatot keresi mindenekelőtt a befektető, a Series A befektetéshez ez nem elég. Itt a befektető már konkrétabban látni akarja, hogy hosszú távon hogyan lesz neki nyeresége abból, ha a bizalmát és a tőkéjét beléd helyezi.Ezért nem egy-kettő, hanem jóval több lépéssel előrébb érdemes gondolkodnod, és bemutatnod a befektetőnek, hogy a vállalkozásod hogyan lesz képes növekedni, milyen úton lesz nyereséges, akár odáig, hogy hogyan fog eljutni a tőzsdei bevezetésig.Tehát ne csak azt vázold fel, hogy az aktuálisan bevonni kívánt tőkét hogyan használnád fel, hanem azt is, hogy milyen utat fog bejárni a vállalkozásod hosszabb távon.Hozz idősoros adatokat, és támaszd alá velük a sztoridat!Ahhoz, hogy ezt a jövőt hitelesen fel tudd vázolni, nem árt, ha vannak a kezedben ezt alátámasztó adatok

PR Newswire
Dec 19th, 2024
Ceph, The Default Choice Of Enterprise Storage For Mission Critical Workloads, Expands Yearly Event And Welcomes Digitalocean As Its Newest Member

Open source distributed storage system community demonstrated ecosystem growth at recent Cephalocon event with record-breaking attendance and sponsorshipsSAN FRANCISCO, Dec. 19, 2024 /PRNewswire/ -- The Ceph Foundation, the global community dedicated to fostering the growth and advancement of Ceph , today announced the completion of a successful Cephalocon 2024 event, which introduced the Ceph New User's Workshop.The Ceph Foundation is also pleased to announce that DigitalOcean has joined as the newest Silver member to help advance open source, distributed storage.Ceph continues to be the most popular open source storage solution for modern data storage challenges due to its highly scalable, resilient, and flexible architecture. It's reached 1 exabyte of storage reported by users in more than 3,000 Ceph clusters across the community, Ceph has solidified its position as the cornerstone of open source data storage.A yearly forum for the Ceph community to come together, share knowledge, showcase the latest innovations, and strengthen collaboration across the ecosystem, Cephalocon 2024 just wrapped up. Held onsite at CERN Science Gateway in Geneva, Switzerland, this year's Cephalocon brought together a record-breaking number of attendees and sponsorships and hosted the first Ceph New User's Workshop ahead of the main event to help onboard new users and provide a formal introduction to the community as well as the The community also continued its tradition of hosting a Ceph Developer Summit ahead of the main conference as well.Highlights from Cephalocon 2024Cephalocon featured a strong program, with keynote presentations from key members of the community speaking to the value and impact of Ceph:CERN , the European Organization for Nuclear Research and one of the world's largest and most respected centres for scientific research, has been involved with Ceph for over ten years, was delighted to host this year's Cephalocon at CERN's flagship visitor and conference center, the Science Gateway. They are eager to continue to nourish and give back to the Ceph community., the European Organization for Nuclear Research and one of the world's largest and most respected centres for scientific research, has been involved with Ceph for over ten years, was delighted to host this year's Cephalocon at CERN's flagship visitor and conference center, the Science Gateway. They are eager to continue to nourish and give back to the Ceph community

Hawk Dive
Dec 19th, 2024
DigitalOcean Unveils Droplet Autoscale Pools for Effortless Workload Scaling

Recognizing this need, DigitalOcean has introduced a powerful new feature called Droplet Autoscale Pools.

INACTIVE