We are looking for a Staff Network Security Engineer to play a critical role in securing our global network infrastructure.As a Staff Network Security Engineer at DigitalOcean, you will join a dynamic team dedicated to revolutionizing cloud computing and AI. In this role, you will act as a key technical leader, responsible for securing our global network infrastructure by partnering with engineering teams to advise on secure architecture. This position, which reports to the Manager, Security Defense Engineering, involves architecting and building automated security tools and championing best practices to ensure our network remains resilient against evolving threats across our edge, backbone, and datacenter environments.
What You'll Do:- Define and enforce network security architecture standards and principles to ensure our networks are architected with security as a foundational element
- Provide technical leadership and mentorship to security and network engineering teams, serving as a subject matter expert on network security-related matters
- Lead network security assessments, including threat modeling, intrusion detection, and protocol-level analysis to identify and mitigate sophisticated attack vectors
- Develop and deploy advanced security automation, tooling, and infrastructure-as-code to continuously validate security posture and enforce compliance at scale
- Collaborate with network engineers to integrate security controls and telemetry within SDN, BGP/MPLS, and network automation platforms
- Participate in incident response efforts related to network security incidents
- Drive the security review process for all network infrastructure or product changes, ensuring designs adhere to established security standards and best practices before deployment
- Promote security best practices through documentation, tooling, and cross-team collaboration
What You'll Add to DigitalOcean:- 8-10 years of experience in network security engineering, network penetration testing, or security-focused infrastructure roles
- Excellent communication skills to effectively collaborate with both technical and non-technical stakeholders, explaining complex security concepts and advocating for security best practices
- Deep understanding of Layer 2/3/4 networking protocols (BGP, OSPF, IS-IS, VRRP, LACP) and their security implications
- Deep understanding of distributed denial-of-service (DDoS) attack vectors and mitigation strategies, including packet filtering, rate limiting, and scrubbing services
- Extensive experience in designing and building secure networks from the ground up
- Experience leading projects and providing technical guidance to cross-functional teamsProficiency in scripting/programming languages such as Python or Go for automation and tooling
- Familiarity with Corero, Cloudflare, Juniper, Arista, or Ciena network platforms
- Strong Linux experience and familiarity with firewall, routing, and DNS security
- Understanding and experience with Network Intrusion Detection principles and tooling
- Knowledge of MPLS, BGP-LU, and SDN architectures from a security perspective
- Hands-on experience with observability tools like Prometheus, Grafana, and ELK stack
- Comfortable with Git-based workflows and collaborative development
Bonus Skills Include:- Open-source contributions related to network security
- Background in security incident response or red/blue team operations
Compensation Range: *This is a remote role
#LI-Remote
