Infrastructure Security Engineer

As an Infrastructure Security Engineer at DigitalOcean, you will join a dynamic team dedicated to revolutionizing cloud computing and AI. You will be a key technical contributor who owns the implementation of robust security solutions for defined problems within the team's scope. Reporting to the Infrastructure Security Manager, you will secure our production environment and corporate systems by implementing security tools and processes. You will embody the InfraSec philosophy of "yes, and" rather than "no" by providing secure-by-design solutions while removing obstacles to productivity.

• Own the implementation of small-to-medium sized security projects and solutions, focusing on the team's primary areas of expertise: Identity and Access Management and Security Infrastructure Management.
• Develop, test, and deploy code/scripts for security tooling, enhancing Security Alerting, Logging, and Visibility systems to provide near-realtime notification of security-relevant changes and potential breaches.
• Actively manage and operate core security infrastructure, including remote access management solutions and systems related to Identity lifecycle, authentication policies, and centralized secrets management.
• Participate in core team processes, including on-call rotations, and directly contribute to triage alerts and collaborate with the Incident Response team when necessary.
• Assess the security of systems by maintaining and monitoring security controls on corporate and platform infrastructure (e.g., vulnerability scanners, host-based security tools, and network security monitoring) to identify and close visibility gaps.
• Partner with technical teams across Engineering and Infrastructure to advocate for and guide the adoption of security best practices, ensuring access controls limit risk by restricting access by business role and need-to-know.

• 2+ years of experience as a security engineer or security operations analyst, demonstrating the ability to work on small and defined security problems where the solution might not be fully defined.
• Strong understanding of Linux systems, services, and deployment models (e.g., Ubuntu).
• Experience with automating security tooling and workflows, including event enrichment, reduction, and correlation.
• Experience with engineering and maintaining Identity and Access Management systems (e.g., LDAP, Single Sign-On, VPN or Zero Trust solutions).
• Proficiency in scripting (Python, Bash, or equivalent) to efficiently automate tasks and streamline processes.
• Clear and effective written and verbal communication skills for technical writing, presenting, and providing security guidance.

• Experience with Vulnerability Management processes, focused on prioritizing known vulnerabilities for remediation at scale.
• Familiarity with network security concepts and experience in auditing network security configurations to identify vulnerabilities or misconfigurations.
• Experience managing Centralized Secrets Management platforms.
• Familiarity with Configuration as Code software (e.g., Chef, Salt, Ansible, Terraform).

• $102,800.00 - $128,500.00

*This is a remote role

JR: 2025-7360

#LI-Remote

#LI-AS1