We're looking for a Senior Product Security Operator to lead our bug bounty & vulnerability management programs.
As a member of the Product Security team, you will report to the Senior Manager of Product Security. You will be a primary driver of our vulnerability management program, leveraging your expertise to assess contextual impact, drawing on your own experience & offensive engagements as well as other internal & external sources. You will act as a primary point of contact with security researchers in our bug bounty program. Security at DO means solving incredibly complex problems at high scale that have real impact for our customers, our products, & the larger internet community.
We want people who are passionate about making the internet a safer place for everyone. You will also have opportunities to conduct internal ethical hacking activities collaboratively alongside engineering teams to uncover vulnerabilities & weaknesses in the enterprise & consumer product environments. We believe that finding an issue is only the beginning of our work; we value cross-team coalitions & collaboration with the business to find reasonable remediations & view this post-engagement collaboration, regardless of whether the issue is an internal pentest finding or a bug bounty submission, as crucial to success. Your work will make our million+ customers more secure & will help ensure that DigitalOcean is a respected contributor to the broader security community.
What You'll Do:
Lead our bug bounty & vulnerability management programs (85%)
- Act as the primary point of contact to security researchers engaged in our bug bounty program
- Assess & triage new vulnerabilities to the vulnerability management program to determine contextual impact to the business
- Educate security & engineering teams on topical vulnerability patterns, in coordination with teams such as fraud & abuse & threat intelligence
Occasionally perform penetration testing engagements & find vulnerabilities in software, systems, & networks (10%)
- Collaborate with security & engineering teams during key product launches to set scope, objective, & execution for penetration testing engagements, & keep stakeholders informed.
- Develop tools, methodologies, & infrastructure to support penetration testing engagements
- Provide holistic assessments of security layers across infrastructure, application, people, & process
Cultivate & promote a security culture (5%)
- Champion an internal security culture (developer training, internal CTFs, etc.)
- Help DigitalOcean engineers understand how security events impact them. How does Retbleed impact DigitalOcean's fleet? How should the company respond to the next xz-style backdoor?
There's no coding expectation in this role beyond scripting common pentest tools, but if interested you will have the opportunity to collaborate with our wider Security Engineering team on creating paved roads, secure defaults, & security automation, amongst other projects.
What You'll Add to DigitalOcean:
Required qualifications:
- 3+ years' experience operating a paid enterprise bug bounty program
- Expert understanding of software security architecture & design, threat modeling, & mitigations for common application security issues (e.g. OWASP Top Ten mitigations)
- A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy & creativity. Engineering teams are our partners, not our adversaries. Submitting findings in a Jira project is not the end of our task; it is the beginning of a conversation, & we look forward to collaborating with engineering teams to design & determine appropriate mitigations.
Preferred qualifications:
- Experience as a bug bounty researcher submitting reports to bug bounty programs.
- Contributions to the security community, such as open source tools, research papers, or conference talks.
- Familiarity with a variety of vulnerability & risk assessment frameworks, such as CWSS, FAIR, & SSVC
- While not required or expected, please highlight if you have any GIAC, eLearning, or similar certifications relevant to web, network, & systems penetration testing (OSCP, eCPPT, GPEN, CPTS, BSCP, etc.)
Why You'll Like Working for DigitalOcean:
- We innovate with purpose. You'll be a part of a cutting-edge technology company with an upward trajectory that is proud to simplify cloud & AI so builders can spend more time creating software that changes the world. As a member of the team, you will be a Shark who thinks big, bold, & scrappy, like an owner with a bias for action & a powerful sense of responsibility for customers, products, employees, & decisions.
- We prioritize career development. At DO, you'll do the best work of your career. You will work with some of the smartest & most interesting people in the industry. We are a high-performance organization that will always challenge you to think big. Our organizational development team will provide you with resources to ensure you keep growing. We provide employees with reimbursement for relevant conferences, training, & education. All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth & development.
- We care about your well-being. Regardless of your location, we will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few. While the philosophy around our benefits is the same worldwide, specific benefits may vary based on local regulations & preferences.
- We reward our employees. The salary range for this position is $133,700 - $167,100 based on market data, relevant years of experience, & skills. You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company & individual performance. We also provide equity compensation to eligible employees, including equity grants upon hire & the option to participate in our Employee Stock Purchase Program.
- We value diversity & inclusion. We are an equal-opportunity employer, & recognize that diversity of thought & background builds stronger teams & products to serve our customers. We approach diversity & inclusion seriously & thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.
*This is a remote role.