Dive in and do the best work of your career at DigitalOcean. Journey alongside a strong community of top talent who are relentless in their drive to build the simplest scalable cloud. If you have a growth mindset, naturally like to think big and bold, and are energized by the fast-paced environment of a true industry disruptor, you’ll find your place here. We value winning together—while learning, having fun, and making a profound difference for the dreamers and builders in the world. We’re looking for a Staff Product Security Engineer who is passionate about partnering with engineers to assess the security risk of new products and features and build secure-by-default paved roads. As a member of the Product Security team, you will report to the Senior Manager of Product Security. Our mission is to minimize security risk while maximizing business velocity. This staff engineer will help oversee the strategic functions of two Product Security teams: Secure Design and Security Platform. Our Secure Design team enables DigitalOcean to build secure-by-design products. We leverage strong relationships with both product teams and the rest of security engineering to be successful. Our scope is primarily focused on reviewing early-stage decisions, helping develop threat models, scaling impact via automation, curating security patterns, authoring security guidance, training, and championing security initiatives. Our Security Platform team secures the development and environment of our engineers and production services. We achieve this by implementing controls that layer security into the groundwork of our engineering infrastructure, streamlining implementations, and measuring effectiveness. We help build the platform that ensures software development at DigitalOcean is safe, easy, and low-risk. You will collaborate with other security teams and the rest of DigitalOcean to guide secure architecture design, reduce security risk in the organization, and empower engineers to make informed security decisions. Security at DO means solving incredibly complex problems at a high-scale that have real impact for our customers, our products, and the larger internet community. What You’ll do: Threat model application designs and solutions and provide security risk assessments (60%) - Provide deep technical expertise in software and network architecture during holistic assessments of security layers across infrastructure, application, people, and process. - Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems. - Identify the trade-offs of different solutions and recommend the efficient design to achieve both functional goals and security requirements. - Provide hands-on remediation guidance to development teams. Build secure-by-default guardrails for engineers (30%) - Design and build internal tooling to provide engineering teams with secure-by-default configurations and libraries. - Write robust, resilient, and maintainable software, primarily in Go and Python. You may sometimes work on a frontend. - We do not believe in Security Obstructionism and carefully integrate a small number of vendor tools into our development pipelines. You will help drive the successful integration of these tools as well as build security initiatives around their data that empower engineers rather than add friction or blocking gates. - Prioritize the user experience (our customers are internal dev teams) to ensure security’s libraries and services are the easiest, fastest way to get work done. Cultivate and promote a security culture (10%) - Champion an internal security culture (developer training, internal CTFs, etc.). - Mentor software engineering teams in security best practices. - Help oversee our vulnerability management program (we call it security debt). - Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE? How does RetBleed impact DigitalOcean’s fleet? What You’ll add to DigitalOcean: Required qualifications: - Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities. - Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and ability to provide actionable direction to product teams. - A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries. - Strong knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery). Preferred qualifications: - 6+ years experience guiding software teams on secure architecture design. - 5+ years of experience in software engineering projects, ideally with a security focus. We primarily develop in Go, Python, and JavaScript. You are comfortable writing robust code with good test coverage and can point to specific examples of projects you’ve successfully delivered in the past. - Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases. - Working knowledge of hardware and software supply chain security. - Familiarity with technologies such as gRPC, Docker, Prometheus, Kubernetes, HashiCorp Vault, and GitHub Actions. Compensation Range: - $170,000-$200,000 *This is a remote role JR: 2026-7647 #LI-Remote Why You’ll Like Working for DigitalOcean - We innovate with purpose. You’ll be a part of a cutting-edge technology company with an upward trajectory, who are proud to simplify cloud and AI so builders can spend more time creating software that changes the world. As a member of the team, you will be a Shark who thinks big, bold, and scrappy, like an owner with a bias for action and a powerful sense of responsibility for customers, products, employees, and decisions. - We prioritize career development. At DO, you’ll do the best work of your career. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that will always challenge you to think big. Our organizational development team will provide you with resources to ensure you keep growing. We provide employees with reimbursement for relevant conferences, training, and education. All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth and development. - We care about your well-being. Regardless of your location, we will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few. While the philosophy around our benefits is the same worldwide, specific benefits may vary based on local regulations and preferences. - We reward our employees. The salary range for this position is based on market data, relevant years of experience, and skills. You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program. - DigitalOcean is an equal-opportunity employer. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service. Application Limit: You may apply to a maximum of 3 positions within any 180-day period. This policy promotes better role-candidate matching and encourages thoughtful applications where your qualifications align most strongly.

Dive in and do the best work of your career at DigitalOcean. Journey alongside a strong community of top talent who are relentless in their drive to build the simplest scalable cloud. If you have a growth mindset, naturally like to think big and bold, and are energized by the fast-paced environment of a true industry disruptor, you’ll find your place here. We value winning together—while learning, having fun, and making a profound difference for the dreamers and builders in the world. We’re looking for a Staff Product Security Engineer who is passionate about partnering with engineers to assess the security risk of new products and features and build secure-by-default paved roads. As a member of the Product Security team, you will report to the Senior Manager of Product Security. Our mission is to minimize security risk while maximizing business velocity. This staff engineer will help oversee the strategic functions of two Product Security teams: Secure Design and Security Platform. Our Secure Design team enables DigitalOcean to build secure-by-design products. We leverage strong relationships with both product teams and the rest of security engineering to be successful. Our scope is primarily focused on reviewing early-stage decisions, helping develop threat models, scaling impact via automation, curating security patterns, authoring security guidance, training, and championing security initiatives. Our Security Platform team secures the development and environment of our engineers and production services. We achieve this by implementing controls that layer security into the groundwork of our engineering infrastructure, streamlining implementations, and measuring effectiveness. We help build the platform that ensures software development at DigitalOcean is safe, easy, and low-risk. You will collaborate with other security teams and the rest of DigitalOcean to guide secure architecture design, reduce security risk in the organization, and empower engineers to make informed security decisions. Security at DO means solving incredibly complex problems at a high-scale that have real impact for our customers, our products, and the larger internet community. What You’ll do: Threat model application designs and solutions and provide security risk assessments (60%) - Provide deep technical expertise in software and network architecture during holistic assessments of security layers across infrastructure, application, people, and process. - Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems. - Identify the trade-offs of different solutions and recommend the efficient design to achieve both functional goals and security requirements. - Provide hands-on remediation guidance to development teams. Build secure-by-default guardrails for engineers (30%) - Design and build internal tooling to provide engineering teams with secure-by-default configurations and libraries. - Write robust, resilient, and maintainable software, primarily in Go and Python. You may sometimes work on a frontend. - We do not believe in Security Obstructionism and carefully integrate a small number of vendor tools into our development pipelines. You will help drive the successful integration of these tools as well as build security initiatives around their data that empower engineers rather than add friction or blocking gates. - Prioritize the user experience (our customers are internal dev teams) to ensure security’s libraries and services are the easiest, fastest way to get work done. Cultivate and promote a security culture (10%) - Champion an internal security culture (developer training, internal CTFs, etc.). - Mentor software engineering teams in security best practices. - Help oversee our vulnerability management program (we call it security debt). - Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE? How does RetBleed impact DigitalOcean’s fleet? What You’ll add to DigitalOcean: Required qualifications: - Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities. - Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and ability to provide actionable direction to product teams. - A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries. - Strong knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery). Preferred qualifications: - 6+ years experience guiding software teams on secure architecture design. - 5+ years of experience in software engineering projects, ideally with a security focus. We primarily develop in Go, Python, and JavaScript. You are comfortable writing robust code with good test coverage and can point to specific examples of projects you’ve successfully delivered in the past. - Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases. - Working knowledge of hardware and software supply chain security. - Familiarity with technologies such as gRPC, Docker, Prometheus, Kubernetes, HashiCorp Vault, and GitHub Actions. Compensation Range: - $170,000-$200,000 *This is a remote role JR: 2026-7647 #LI-Remote Why You’ll Like Working for DigitalOcean - We innovate with purpose. You’ll be a part of a cutting-edge technology company with an upward trajectory, who are proud to simplify cloud and AI so builders can spend more time creating software that changes the world. As a member of the team, you will be a Shark who thinks big, bold, and scrappy, like an owner with a bias for action and a powerful sense of responsibility for customers, products, employees, and decisions. - We prioritize career development. At DO, you’ll do the best work of your career. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that will always challenge you to think big. Our organizational development team will provide you with resources to ensure you keep growing. We provide employees with reimbursement for relevant conferences, training, and education. All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth and development. - We care about your well-being. Regardless of your location, we will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few. While the philosophy around our benefits is the same worldwide, specific benefits may vary based on local regulations and preferences. - We reward our employees. The salary range for this position is based on market data, relevant years of experience, and skills. You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program. - DigitalOcean is an equal-opportunity employer. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service. Application Limit: You may apply to a maximum of 3 positions within any 180-day period. This policy promotes better role-candidate matching and encourages thoughtful applications where your qualifications align most strongly.

Role Description This is a strategic leadership role at the forefront of building and scaling a modern, global security function in a fully remote and fast-evolving environment. You will be responsible for shaping and executing a comprehensive security strategy that protects systems, data, and operations across a distributed workforce. Working closely with senior leadership, you’ll influence key business decisions while fostering a strong culture of security awareness and resilience. This position offers the opportunity to lead a high-performing team, drive innovation through automation and AI, and make a tangible impact on organizational growth and trust. The role is ideal for a forward-thinking leader who thrives in dynamic, international settings and is passionate about advancing security maturity at scale. - Define and execute a comprehensive information security strategy aligned with business objectives, ensuring robust protection of systems and data. - Collaborate with senior leadership and cross-functional stakeholders to shape the long-term security vision and roadmap. - Lead, mentor, and grow a high-performing, autonomous security team while fostering continuous learning and development. - Drive enterprise-wide security risk management initiatives in partnership with legal, finance, and data protection functions. - Oversee and enhance application security practices to ensure the delivery of secure, reliable products and services. - Establish and strengthen incident response frameworks, promoting a proactive and resilient security culture. - Monitor, report, and communicate security risks, performance metrics, and incidents to executive leadership and key stakeholders. - Ensure compliance with relevant regulations, standards, and customer security requirements, and continuously improve the Information Security Management System (ISMS). Qualifications - Extensive experience leading and managing security teams, including oversight of people, processes, and security services. - Professional certifications in cybersecurity or information security management (e.g., CISSP, CISM). - Proven expertise in developing and implementing security strategies within complex, high-growth environments. - Strong knowledge of security principles, technologies, and engineering domains, including application security and risk management. - Ability to communicate complex security concepts clearly to both technical and non-technical stakeholders, including executive leadership. - Demonstrated ability to navigate ambiguity, prioritize effectively, and drive execution at scale. - Excellent written and verbal communication skills, with a strong emphasis on clarity and influence. - A proactive mindset with a focus on innovation, continuous improvement, and fostering a positive team culture. Requirements - Competitive salary ranging from $86,350 to $194,300 USD annually, depending on experience and location. - Fully remote work environment with the flexibility to work from anywhere. - Flexible working hours and generous paid time off policies. - Comprehensive parental leave (16 weeks paid). - Mental health and wellbeing support services. - Equity or stock options participation. - Dedicated learning and development budget. - Home office setup budget and necessary IT equipment provided. - Budget for coworking spaces or local social events. - Strong focus on work-life balance with asynchronous collaboration practices.

NOTE: This position is available for remote work within the contiguous United States, with travel as required for business needs. Priority consideration will be given to candidates agreeable to work full-time in either our Corvallis, OR or Houston, TX office location. POSITION SUMMARY: This position will report to the Director, PMCoE and will assume a lead role in the development, implementation, and management of Project Risk Management strategy, processes, tools and procedures for the organization. Program Manager, Project Risk Management leads the planning, assessment, and monitoring aspects of the risk process and uses project and risk data to inform the organization for planning, forecasting, and decision making. ESSENTIAL DUTIES AND RESPONSIBILITIES: - Maintains existing project risk management processes and procedures or develops new ones. Manages the interfaces between project risk and other risk processes. - Develops and delivers risk management training and provides user support to the organization for the NuScale risk software and tools ensuring broad adoption and consistent application across teams. Mentors assigned project risk managers on best practices for project risk management. - Manages information systems; including accuracy of data entered into existing databases, integration of data across multiple platforms, process and tool development and improvements, and risk and program reporting templates and standards. - In coordination with proposal teams, leads risk identification and assessment in support of the commercial proposal process. Develops and maintains standard risk checklists to support commercial activities. - Reviews project risk management plans for new projects. Participates in project risk review meetings. Monitors and supports project risk management implementation. - Provides subject matter expertise (SME) to project risk managers and project teams to facilitate the identification, assessment, monitoring, analysis, and reporting of project risk and opportunities. - In support of project teams, performs quantitative analysis of risk impacts to project cost and schedule and provides data-driven insights to inform decision-making. Conducts what-if, root cause, and other decision making/issue identification analyses to inform handling strategy selection. - Develops, oversees, and integrates project risk management frameworks across multiple departments, from small to large-scale projects. Defines criteria for elevating project risks and transferring risk to or from other processes. - Performs other duties as assigned. CORE COMPETENCIES: To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies. - Problem solving: Identifies and resolves problems in a timely manner, gathers and reviews information appropriately. Uses own judgment and acts independently; seeks input from other team members as appropriate for complex or sensitive situations. - Oral/written communication: Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity, is able to create, read and interpret complex written information. Ability to develop strong interpersonal networks within the organization. - Planning/organizing: Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently. - Adaptability: Adapts to changes in the work environment, manages competing demands and is able to deal with frequent interruptions, changes, delays, or unexpected events. - Dependability: Consistently on time and at work, responds to management expectations and solicits feedback to improve performance. - Team Building: Capable of developing strong interpersonal networks and trust within the organization. Leads consensus by involving all stakeholders, facilitating their understanding of differences, agreeing on requirements and constraints, and developing the best solution. - Safety Culture: Adheres to the NuScale Safety culture and is expected to model safe behavior and influence peers to meet high standards. - Quality Assurance: Commits to the understanding and implementation of quality assurance regulations, standards and guidelines of 10 CFR 50 Appendix B, 10 CFR 21, and NQA-1. MINIMUM SKILLS, QUALIFICATIONS AND ABILITIES: - Education: A minimum of a B.S. or B.A. degree in engineering or business is required. - Experience: Minimum of 8 years of full-time Risk Management experience working in a project/program management or in engineering organization is required. Nuclear industry experience is preferred. Familiarity with project risk management implementation, planning/scheduling tools and techniques, PMO processes, spreadsheets and databases is also required (Preferably; ARM, Primavera P6, PRISM, Primavera Risk Analysis, and Palisade @Risk). Must possess strong technical writing skills and be able to clearly communicate via written, oral, and electronic means. Must have exceptional organization skills and the ability to manage complex projects with multiple work phases with minimal supervision. - Industry Requirements: Eligible to work under Department of Energy 10 CFR Part 810. PHYSICAL DEMANDS: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. - Ability to understand and communicate clearly using a phone, personal interaction, and computers. - Ability to learn new job functions and comprehend and understand new concepts quickly and apply them accurately in a rapidly evolving environment. - The employee frequently is required; to sit and stand; walk; bend, use hands to operate office equipment; and reach with hands and arms. Ability to lift ten to fifteen pounds. Disclaimer: Employee(s) must perform the essential duties and responsibilities with or without reasonable accommodation efficiently and accurately without causing significant safety threat to self or others. The above statements are intended to describe the general nature and level of work being performed by employee(s) assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and/or skills required of all employees in this classification. NuScale Power, LLC is an equal opportunity employer and does not discriminate against otherwise qualified applicants on the basis of race, color, creed, religion, ancestry, age, sex, marital status, national origin, disability or handicap, or veteran status. Pay and Benefits: The target base salary range for this position is $150,537 - $181,683 annually. The full base salary range is $134,964 - $211,098 annually. At NuScale, compensation decisions are determined using factors such as relevant job-related skills, full-time working experience, education and training, equity within the department. For information on employee benefits, please visit our Careers Overview page: Employee Benefits | NuScale Power