Senior Infrastructure Security Engineer
<h2>Role Description</h2> <p><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">At Dropbox, we believe in simplifying the way people work together. We provide a range of innovative cloud-based solutions to empower individuals and businesses to share, access, and collaborate on their files seamlessly. Security plays a pivotal role in shaping our mission of building a more enlightened way of working where everyone can unleash their creative potential without constraints.</span></p> <p><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">As a Security Engineer, you'll safeguard our digital ecosystem alongside a diverse team of professionals dedicated to protecting our products and users. Trusted by millions, our mission is to integrate security seamlessly into Dropbox, empowering confident collaboration. Join us in owning a range of security projects, fostering innovation and growth in a collaborative environment.</span></p> <div> <p><span class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90z95lz89zy6z71zz79zz84zz68zyz69zupz72zz79zcz69zz76zkz79zp1z66ztz67zxz71zz89zz86zz71z">Our Engineering Career Framework is </span><span class="attrlink url author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90z95lz89zy6z71zz79zz84zz68zyz69zupz72zz79zcz69zz76zkz79zp1z66ztz67zxz71zz89zz86zz71z"><a class="attrlink" href="https://dropbox.github.io/dbx-career-framework/" target="_blank" data-target-href="https://dropbox.github.io/dbx-career-framework/"><u>viewable by anyone outside the company</u></a></span><span class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90z95lz89zy6z71zz79zz84zz68zyz69zupz72zz79zcz69zz76zkz79zp1z66ztz67zxz71zz89zz86zz71z"> and describes what’s expected for our engineers at each of our career levels. Check out our blog post on this topic and more </span><span class="attrlink url author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90z95lz89zy6z71zz79zz84zz68zyz69zupz72zz79zcz69zz76zkz79zp1z66ztz67zxz71zz89zz86zz71z"><a class="attrlink" href="https://dropbox.tech/culture/sharing-our-engineering-career-framework-with-the-world" target="_blank" data-target-href="https://dropbox.tech/culture/sharing-our-engineering-career-framework-with-the-world">here</a></span><span class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90z95lz89zy6z71zz79zz84zz68zyz69zupz72zz79zcz69zz76zkz79zp1z66ztz67zxz71zz89zz86zz71z">.</span></p> </div> <h2>Responsibilities</h2> <ul> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Design, deploy and operate infrastructure-level security controls for Dropbox's AI and agentic infrastructure, including cloud infrastructure, Kubernetes and data stores.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Design and implement secure authentication, authorization and networking patterns for AI agents and other non-human actors</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Lead security implementation for secure usage of AI tools and governance.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Maintain a high and continuously improving bar for the security of Dropbox infrastructure in order to protect customer data.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Review the current and upcoming infrastructure stack from a security perspective and provide hardening mechanisms and</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z"><strong> </strong></span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">recommendations.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Deploy, build, and/or operate security infrastructure solutions to help scale</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify"> and raise</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z"> the security </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">bar for Dropbox’s on-prem and cloud infrastructure.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Collaborate with </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">cross functional </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">teams and lead security initiatives to influence product decisions and enhance security posture.</span></li> </ul> <p><span class="thread-348589118974529206372994 attrcomment attrcommentfirst thread-348589118974529206372994-first author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90z95lz89zy6z71zz79zz84zz68zyz69zupz72zz79zcz69zz76zkz79zp1z66ztz67zxz71zz89zz86zz71z"><span class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90z9z84zyz72zz70zz71zz72zhwl8r6xz85zr3z69z6z86zz78zz76zcfvdsgm4t">Many teams at Dropbox run Services with on-call rotations, which entails being available for calls during both core and non-core business hours. If a team has an on-call rotation, all engineers on the team are expected to participate in the rotation as part of their employment. Applicants are encouraged to ask for more details of the rotations to which the applicant is applying.</span></span></p> <h2>Requirements</h2> <ul> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">9</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zz86z9z90zz78zpz67zz74zz66zz85zy1z82zkz89zz89zt8z83zz65zz83z6z85zz78z8z77zz70zlz68zz81z7">+</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z"> years of Security experience or related industry experience, demonstrating impactful contributions to security strategies.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience, with coding proficiency.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Experience in s</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">ecuring agentic AI systems with hands-on implementation of security controls targeting AI-specific vulnerabilities like prompt injection, data or model poisoning, and AI supply-chain risk.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Experience in d</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">esigning and implementing identity and authorization for non-human workloads and agents using modern frameworks such as SPIFFE/SPIRE, OAuth 2.1, OIDC, or cloud provider equivalents.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Experience implementing policy-as-code, infrastructure-as-code, and security automation for cloud and AI platforms.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Experience </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">with </span><span class="thread-000395457356270401102634 author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">cloud security</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify"> technologies for providers like Amazon Web Services</span> <span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify h-lparen">(AWS),</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify"> Google Cloud Platform</span> <span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify h-lparen">(GCP)</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify"> or Microsoft Azure.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zz86z9z90zz78zpz67zz74zz66zz85zy1z82zkz89zz89zt8z83zz65zz83z6z85zz78z8z77zz70zlz68zz81z7">Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems e.g. Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, Java.</span></li> </ul> <h2>Preferred Qualifications</h2> <ul> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Experience securing MCP-based systems or similar AI agent and tool protocols. </span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Experience with multi-agent security controls such as trust boundaries, signed inter-agent messaging, and circuit breakers. </span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Familiarity with NIST AI RMF, NIST SP 800-218A, OWASP LLM and agentic security guidance. </span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Experience in </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zz66z29z66zfz77zz73zaz83zz88zz66zprz79zz65z8z73z4hz79zuz86zz85zz78zwz81ztz72z0h">K</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">ubernetes and container security.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">Experience with security tools such as </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zz66z29z66zfz77zz73zaz83zz88zz66zprz79zz65z8z73z4hz79zuz86zz85zz78zwz81ztz72z0h">T</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">eleport, </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zz66z29z66zfz77zz73zaz83zz88zz66zprz79zz65z8z73z4hz79zuz86zz85zz78zwz81ztz72z0h">C</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">rowd</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zz66z29z66zfz77zz73zaz83zz88zz66zprz79zz65z8z73z4hz79zuz86zz85zz78zwz81ztz72z0h">S</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">trike, </span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zz66z29z66zfz77zz73zaz83zz88zz66zprz79zz65z8z73z4hz79zuz86zz85zz78zwz81ztz72z0h">P</span><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qovukz87zz90zxpkuz122zz80zsz67zz122zm5fxz70zz77zfdz84zz70z4sgz89zcify">roofpoint, IPS/IDS, SIEM or SOAR.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Certifications such as CISSP, CISM, or equivalent.</span></li> <li><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz80ziz90zz66z78z76zz71zdz75zz89ztz80zlz90zz86zlisz88zz68zz88zoz83zz89zgz87zslz76zz80z">Involvement in security community activities, conferences, or publications.</span></li> </ul> <h2 data-usually-unique-id="044234883370604133046166"><span class=" author-d-1gg9uz65z1iz85zgdz68zmqkz84zo2qowz81zqz90zkz74zz76zeez80zz68zz89zz88zvqz86zuxlz73zexxz80zz73z6d6z72zz79zsz77z">Compensation</span></h2><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p><span style="font-size: 16px;">US Zone 1</span></p> <p><span style="font-size: 16px;">This role is not available in Zone 1</span></p></div><div class="title">US Zone 2</div><div class="pay-range"><span>$214,200</span><span class="divider">—</span><span>$289,800 USD</span></div></div><div class="pay-input"><div class="title">US Zone 3</div><div class="pay-range"><span>$190,400</span><span class="divider">—</span><span>$257,600 USD</span></div></div></div>