DigitalOceanRemote
Staff Network Security Engineer
United States of America
Full Time
4 hours ago
$169,000 - $211,000 USD
H1B Sponsor Likely
Key skills
PythonGoAIDigitalOceanPrometheusGrafanaELK StackGitCloudflareLeadershipCommunicationCollaborationPenetration TestingNetwork SecurityFirewall
About this role
DigitalOcean is a cutting-edge technology company focused on simplifying cloud computing and AI. They are seeking a Staff Network Security Engineer to secure their global network infrastructure and provide technical leadership in network security architecture and best practices.
Responsibilities:
- Define and enforce network security architecture standards and principles to ensure our networks are architected with security as a foundational element
- Provide technical leadership and mentorship to security and network engineering teams, serving as a subject matter expert on network security-related matters
- Lead network security assessments, including threat modeling, intrusion detection, and protocol-level analysis to identify and mitigate sophisticated attack vectors
- Develop and deploy advanced security automation, tooling, and infrastructure-as-code to continuously validate security posture and enforce compliance at scale
- Collaborate with network engineers to integrate security controls and telemetry within SDN, BGP/MPLS, and network automation platforms
- Participate in incident response efforts related to network security incidents
- Drive the security review process for all network infrastructure or product changes, ensuring designs adhere to established security standards and best practices before deployment
- Promote security best practices through documentation, tooling, and cross-team collaboration
Requirements:
- 8-10 years of experience in network security engineering, network penetration testing, or security-focused infrastructure roles
- Excellent communication skills to effectively collaborate with both technical and non-technical stakeholders, explaining complex security concepts and advocating for security best practices
- Deep understanding of Layer 2/3/4 networking protocols (BGP, OSPF, IS-IS, VRRP, LACP) and their security implications
- Deep understanding of distributed denial-of-service (DDoS) attack vectors and mitigation strategies, including packet filtering, rate limiting, and scrubbing services
- Extensive experience in designing and building secure networks from the ground up
- Experience leading projects and providing technical guidance to cross-functional teams
- Proficiency in scripting/programming languages such as Python or Go for automation and tooling
- Familiarity with Corero, Cloudflare, Juniper, Arista, or Ciena network platforms
- Strong Linux experience and familiarity with firewall, routing, and DNS security
- Understanding and experience with Network Intrusion Detection principles and tooling
- Knowledge of MPLS, BGP-LU, and SDN architectures from a security perspective
- Hands-on experience with observability tools like Prometheus, Grafana, and ELK stack
- Comfortable with Git-based workflows and collaborative development
- Open-source contributions related to network security
- Background in security incident response or red/blue team operations