Lead and evolve the insider threat program by engineering detection, automating investigation workflows, tuning UEBA/SIEM/DLP/UAM/SOAR detection content, conducting threat hunting and DFIR, collaborating with HR/Legal, and using data analytics (e.g., Pandas) to investigate anomalous activity and reduce internal risk.
Dive in and do the best work of your career at DigitalOcean. Journey alongside a strong community of top talent who are relentless in their drive to build the simplest scalable cloud. If you have a growth mindset, naturally like to think big and bold, and are energized by the fast-paced environment of a true industry disruptor, you’ll find your place here. We value winning together—while learning, having fun, and making a profound difference for the dreamers and builders in the world.
We are looking for a highly experienced and motivated Senior Security Analyst who is passionate about advanced security monitoring, detection engineering, threat hunting, and maturing Insider Threat programs. As a Senior Security Analyst at DigitalOcean reporting to the Manager, Security Defense Engineering, you will lead and own critical aspects of our insider threat program, shaping how we detect, respond to, and prevent internal risks and malicious threats. You will leverage deep expertise to engineer sophisticated detection capabilities, develop metrics to measure program effectiveness, and drive continuous improvement across alerting and response functions. You will collaborate closely with DFIR, Threat Intelligence, HR, Legal and other cross-functional teams to close detection gaps and elevate the organization’s overall security posture.
What you'll do- Own and evolve the insider threat program strategy, ensuring alignment with evolving threat landscapes, privacy considerations, and business priorities.
- Advise on and implement preventative controls, balancing risk reduction against user friction for engineers.
- Engineer and automate end-to-end insider-threat detection and investigation workflows across DigitalOcean's cloud and corporate environments.
- Build, measure, and tune detection content and risk-scoring logic on UEBA / SIEM / DLP / UAM platforms; reduce false positives while keeping coverage sustainable.
- Work closely with Infrastructure Security Engineers to identify log sources, integrate, and maintain data pipelines (e.g., log sources, forwarders, parsing, enrichment) feeding insider-risk analytics.
- Develop a use-case library with corresponding playbooks and escalation procedures.
- Investigate anomalous activity (e.g., access abuse, data exfiltration, IP/source-code theft, including novel risks in AI/GPU infrastructure) and provide technical evidence to support cases.
- Partner with HR, Legal, and other necessary teams; communicate findings to technical and non-technical stakeholders.
- Uphold investigation and analytic tradecraft standards including confidentiality, objectivity, lawfulness, and timeliness.
- Manage and safeguard sensitive information, including case files, employee PII, and intelligence reports.
- Perform data analytics in large datasets using modern data science tools and techniques (e.g., Pandas) to spot anomalies and trace behaviors across disparate datasets.
- Perform intelligence analysis including pattern-of-life, time-series, clustering/grouping, visualization, and write clear-and-actionable reports.
- Stay ahead of the evolving threat landscape by tracking emerging insider risk TTPs, regulatory requirements, and best practices in privacy-preserving monitoring.
- 6+ years in detection & response, insider risk, or security engineering.
- Hands-on experience with UEBA, SIEM, DLP, UAM/SOAR concepts and tooling.
- Scripting proficiency (e.g., Python, Go, Bash) for detection content and automation.
- Familiarity with macOS, Windows, Linux, Kubernetes, and cloud infrastructure.
- Working knowledge of adversary tactics, data exfiltration techniques, and frameworks (MITRE ATT&CK, NIST).
- Demonstrated discretion and ethical judgment handling sensitive employee data.
- Data-science/anomaly-detection background, prior work securing AI/ML or GPU infrastructure
- $140,800 - $176,000
*This is a remote role
JR: 2026-8010
#LI-Remote
Why You’ll Like Working for DigitalOcean
- We innovate with purpose. You’ll be a part of a cutting-edge technology company with an upward trajectory, who are proud to simplify cloud and AI so builders can spend more time creating software that changes the world. As a member of the team, you will be a Shark who thinks big, bold, and scrappy, like an owner with a bias for action and a powerful sense of responsibility for customers, products, employees, and decisions.
- We prioritize career development. At DO, you’ll do the best work of your career. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that will always challenge you to think big. Our organizational development team will provide you with resources to ensure you keep growing. We provide employees with reimbursement for relevant conferences, training, and education. All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth and development.
- We care about your well-being. Regardless of your location, we will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few. While the philosophy around our benefits is the same worldwide, specific benefits may vary based on local regulations and preferences.
- We reward our employees. The salary range for this position is based on market data, relevant years of experience, and skills. You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program.
- DigitalOcean is an equal-opportunity employer. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.
Application Limit: You may apply to a maximum of 3 positions within any 180-day period. This policy promotes better role-candidate matching and encourages thoughtful applications where your qualifications align most strongly.
Similar Jobs at DigitalOcean
Artificial Intelligence • Cloud • Software • Infrastructure as a Service (IaaS)
Lead threat modeling and risk management for DigitalOcean's virtualization stack. Build frameworks and rubrics to assess hypervisor risk, propose and implement defense-in-depth mitigations, collaborate with engineering teams on remediation, mentor teams on secure design, and help oversee vulnerability management and security guidance.
Top Skills:
ApparmorAssemblyCContainerizationContinuous DeliveryContinuous IntegrationEmbedded SystemsGoKernel SecurityKvmLandlockQemuRustSelinuxVirtualized Environments
Artificial Intelligence • Cloud • Software • Infrastructure as a Service (IaaS)
Lead threat modeling and risk management for DigitalOcean's virtualization stack. Build frameworks and rubrics to assess hypervisor risk, propose and implement defense-in-depth mitigations, collaborate with engineering teams on remediation, mentor teams on secure design, and help oversee vulnerability management and security guidance.
Top Skills:
ApparmorAssemblyCContainerizationContinuous DeliveryContinuous IntegrationEmbedded SystemsGoKernel SecurityKvmLandlockQemuRustSelinuxVirtualized Environments
Artificial Intelligence • Cloud • Software • Infrastructure as a Service (IaaS)
Lead technical design and enforcement of network security for global edge, backbone, and datacenter environments. Perform threat modeling, protocol analysis, DDoS mitigation, security automation, tooling, and incident response. Partner with network teams to integrate controls, telemetry, and IaC-based validation, and mentor engineers while driving security reviews and best practices adoption.
Top Skills:
AristaBgpBgp-LuCienaCloudflareCoreroDns SecurityElkFirewallGitGoGrafanaIs-IsJuniperLacpLinuxMplsNetwork Intrusion DetectionOspfPrometheusPythonSdnVrrp
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
