Homeoffice Security Engineer, Vulnerability Management at Dropbox

Role Description

The Dropbox team is growing, and we’re looking for a security engineer to join our team. In this role, you’ll be part of a small team dedicated to performing Vulnerability Management at Dropbox. We are looking to hire junior team members to help us expand and improve our tooling. We collaborate closely with teams across the company to improve security. Our team culture rewards solid ownership, partnership, and discipline in how we develop. You’ll thrive in our team if you love making a difference, navigating through ambiguity, and supporting a culture of innovation and collaboration.

Our Engineering Career Framework is viewable by anyone outside the company and describes what’s expected for our engineers at each of our career levels. Check out our blog post on this topic and more here.

Responsibilities

• Partner with teams to improve the security bar at Dropbox in order to protect customer data.
• Automate security tasks with senior team members in order to expand Vulnerability Management tooling at Dropbox.
• Perform structured security risk assessments of current and new vulnerabilities and move vulnerabilities through the life-cycle of prioritization, mitigation, and remediation.
• Contribute to security strategies for new vulnerability management initiatives.
• Contribute to delivery of cross team initiatives.
• Participate in on-call rotation for vulnerability security issues.

Many teams at Dropbox run Services with on-call rotations, which entails being available for calls during both core and non-core business hours. If a team has an on-call rotation, all engineers on the team are expected to participate in the rotation as part of their employment. Applicants are encouraged to ask for more details of the rotations to which the applicant is applying.

Requirements

• 2+ years of security or software engineering experience or a BS degree in Computer Science, Security or related technical field involving coding (e.g., physics or mathematics).
• Demonstrated proficiency in Python, tooling development or automation scripting.
• Technical domain knowledge with Linux based systems.

Preferred Qualifications

• Experience with Go/ Node. 
• Experience automating with web API.
• Experience with security and vulnerability management.
• Technical domain knowledge in areas adjacent to security. For example, Application security, Cloud/LaaS products(e.g. AWS, GCP, Azure), Linux, Windows, or MacOS based systems, Networking, Reliability, Software development, Risk Assessment.