Partner with engineering teams to conduct security design reviews and threat modeling to identify and mitigate risks early in the SDLC. Develop tooling, documentation, and automation to scale security reviews and provide expert guidance on secure implementation patterns.
This is a remote position.
As part of the Product Security Architecture team, you'll help reduce security risk across Dropbox by partnering with engineering and product teams throughout the software development lifecycle (SDLC).
Our team focuses on security threat modeling, and consulting. We work closely with product and infrastructure teams to identify security risks early in the design process, provide practical security guidance, and help teams build secure systems. We also develop tooling, documentation, and automation that improve the efficiency and scalability of security reviews across Dropbox.
This role is ideal for a security engineer who enjoys solving technical problems, collaborating with engineers, and helping teams make informed security decisions.
Responsibilities
- Participate in security design reviews and threat modeling exercises for new products, services, and platform capabilities.
- Partner with engineering teams to identify security risks and recommend practical mitigations during the design and development process.
- Serve as a security consultant for product and engineering teams, answering security questions and providing guidance on secure implementation patterns.
- Review application and system architectures, technical designs, data flows, and deployment models to identify security risks and recommend secure design patterns
- Partner with engineering teams developing AI and machine learning features to identify emerging security risks and recommend secure implementation patterns.
- Help maintain and improve security standards, guidance, reference architectures, and internal documentation.
- Develop or enhance tooling and automation that improve the efficiency of threat modeling, security reviews, and risk assessment processes.
- Collaborate with other Product Security engineers to perform application security assessments and investigate security concerns identified during development.
- Contribute to developer education efforts through documentation, office hours, workshops, or security awareness initiatives.
- Support security incident investigations and root cause analysis when application security issues are discovered.
Requirements
Required Qualifications
- Available to work until 11:00AM Pacific Standard Time (PST).
- 5+ years of experience in Application Security, Product Security, or a related field.
- Strong understanding of common application security vulnerabilities (OWASP Top 10, API Security, authentication, authorization, secrets management, cryptography, etc.).
- Experience participating in security reviews, threat modeling exercises, architecture discussions, or application security assessments.
- Strong technical writing skills and experience creating documentation and guidelines.
- Strong communication skills and ability to explain security concepts to engineers with varying levels of security expertise.
- Experience working collaboratively with software engineering teams to identify and address security risks.
- Familiarity with cloud platforms and modern application architectures (AWS preferred).
- Ability to assess risk, prioritize issues, and provide practical security recommendations.
- Experience reading and understanding source code in one or more modern programming languages.
- Experience building scripts, tools, or automation to improve engineering or security workflows.