Job Description:
• Propose and implement mitigations and defense-in-depth to threats discovered through threat modeling the virtualization stack (90%)
• Provide deep technical expertise in systems architecture, kernel security features and network architecture to build out a threat model for our virtualization stack
• Identify the trade-offs of different solutions and recommend the efficient design to achieve both functional goals and security requirements
• Collaborate with development teams to implement remediations and defense in-depth to protect DigitalOcean’s customers’ workloads
• Cultivate and promote a security culture (10%)
• Mentor software engineering teams in security best practices
• Help oversee our vulnerability management program
Requirements:
• Deep familiarity with at least one kernel security feature (ex: AppArmor, SELinux, Landlock, etc.)
• Capable of assessing and understanding the performance implications of code changes to virtualization stacks (especially in Qemu and KVM)
• A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity
• Ability to clearly communicate security topics and vulnerability classes (e.g. memory corruption, privilege escalation, TOCTOU, etc) and provide actionable direction to product teams
• Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery)
• 5+ years of writing systems level code (embedded systems, kernel, assembly or similar)
• Experience guiding software teams on secure architecture design
• Written code for an embedded system (raspberry pi, arduino, etc)
• Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases
• An understanding of patches and mitigations for hardware side-channel attacks
• Familiarity with object-oriented and functional programming concepts, particularly with languages such as Go, Rust, or C
Benefits:
• Competitive salary
• Flexible work hours
• Paid time off
• Professional development opportunities
• Employee Assistance Program
• Local Employee Meetups
• Education reimbursement
• Access to LinkedIn Learning courses
• Equity compensation options