Role Description
At Dropbox, we believe in simplifying the way people work together. We provide a range of innovative cloud-based solutions to empower individuals and businesses to share, access, and collaborate on their files seamlessly. Security plays a pivotal role in shaping our mission of building a more enlightened way of working where everyone can unleash their creative potential without constraints.
As a Security Engineer, you'll safeguard our digital ecosystem alongside a diverse team of professionals dedicated to protecting our products and users. Trusted by millions, our mission is to integrate security seamlessly into Dropbox, empowering confident collaboration. Join us in owning a range of security projects, fostering innovation and growth in a collaborative environment.
Our Engineering Career Framework is viewable by anyone outside the company and describes what’s expected for our engineers at each of our career levels. Check out our blog post on this topic and more here.
Responsibilities
- Maintain a high and continuously improving bar for the security of Dropbox infrastructure in order to protect customer data.
- Review the current and upcoming infrastructure stack from a security perspective and provide hardening mechanisms and recommendations.
- Deploy, build, and/or operate security infrastructure solutions to help scale and raise the security bar for Dropbox’s on-prem and cloud infrastructure.
- Automate security controls using scripting to eliminate redundant work and minimize need for human involvement.
- Implement and deliver security solutions for medium- to large-sized projects independently, meeting quality and timeline expectations.
- Collaborate with cross functional teams and lead security initiatives to influence product decisions and enhance security posture.
- Apply technical expertise to solve security challenges, define technical roadmaps and implement security controls.
Many teams at Dropbox run Services with on-call rotations, which entails being available for calls during both core and non-core business hours. If a team has an on-call rotation, all engineers on the team are expected to participate in the rotation as part of their employment. Applicants are encouraged to ask for more details of the rotations to which the applicant is applying.
Requirements
- Experience with cloud security technologies like Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure.
- Solid knowledge of Linux fundamentals including system administration, security, networking, scripting, and troubleshooting.
- Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems e.g. Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, Java
- Demonstrated ability to drive improvement within systems, codebases, or organizations with a focus on solving problems.
- Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience, with coding proficiency.
- 2+ years of Security Experience, demonstrating impactful contributions to security strategies.
- Strong communication skills and ability to collaborate effectively.
- Independent work capability in dynamic environments.
Preferred Qualifications
- Experience in Kubernetes and container security.
- Experience with infrastructure as code technologies like Terraform.
- Experience with security tools such as Teleport, CrowdStrike, Proofpoint, IPS/IDS, SIEM or SOAR.
- Experience in zero trust architectures and tools.
- Certifications such as CISSP, CISM, or equivalent.
- Involvement in security community activities, conferences, or publications.