DigitalOcean is a leading cloud service provider dedicated to simplifying cloud computing. They are seeking an Infrastructure Security Engineer to build and maintain robust security systems that protect their production and corporate infrastructure.
Responsibilities:
- Own the implementation of small-to-medium sized security projects and solutions, focusing on the team's primary areas of expertise: Identity and Access Management and Security Infrastructure Management
- Develop, test, and deploy code/scripts for security tooling, enhancing Security Alerting, Logging, and Visibility systems to provide near-realtime notification of security-relevant changes and potential breaches
- Actively manage and operate core security infrastructure, including remote access management solutions and systems related to Identity lifecycle, authentication policies, and centralized secrets management
- Participate in core team processes, including on-call rotations, and directly contribute to triage alerts and collaborate with the Incident Response team when necessary
- Assess the security of systems by maintaining and monitoring security controls on corporate and platform infrastructure (e.g., vulnerability scanners, host-based security tools, and network security monitoring) to identify and close visibility gaps
- Partner with technical teams across Engineering and Infrastructure to advocate for and guide the adoption of security best practices, ensuring access controls limit risk by restricting access by business role and need-to-know
Requirements:
- 2+ years of experience as a security engineer or security operations analyst, demonstrating the ability to work on small and defined security problems where the solution might not be fully defined
- Strong understanding of Linux systems, services, and deployment models (e.g., Ubuntu)
- Experience with automating security tooling and workflows, including event enrichment, reduction, and correlation
- Experience with engineering and maintaining Identity and Access Management systems (e.g., LDAP, Single Sign-On, VPN or Zero Trust solutions)
- Proficiency in scripting (Python, Bash, or equivalent) to efficiently automate tasks and streamline processes
- Clear and effective written and verbal communication skills for technical writing, presenting, and providing security guidance
- Experience with Vulnerability Management processes, focused on prioritizing known vulnerabilities for remediation at scale
- Familiarity with network security concepts and experience in auditing network security configurations to identify vulnerabilities or misconfigurations
- Experience managing Centralized Secrets Management platforms
- Familiarity with Configuration as Code software (e.g., Chef, Salt, Ansible, Terraform)