Application Security - Design Reviews Threat Modelling

 Posted an hour ago
  
 Worldwide
  
5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Partner with engineering teams to conduct security design reviews and threat modeling to identify and mitigate risks early in the SDLC. Develop tooling, documentation, and automation to scale security reviews and provide expert guidance on secure implementation patterns.

This is a remote position.

As part of the Product Security Architecture team, you'll help reduce security risk across Dropbox by partnering with engineering and product teams throughout the software development lifecycle (SDLC).

 Our team focuses on security threat modeling, and consulting. We work closely with product and infrastructure teams to identify security risks early in the design process, provide practical security guidance, and help teams build secure systems. We also develop tooling, documentation, and automation that improve the efficiency and scalability of security reviews across Dropbox.

This role is ideal for a security engineer who enjoys solving technical problems, collaborating with engineers, and helping teams make informed security decisions.

Responsibilities

  • Participate in security design reviews and threat modeling exercises for new products, services, and platform capabilities.
  • Partner with engineering teams to identify security risks and recommend practical mitigations during the design and development process.
  • Serve as a security consultant for product and engineering teams, answering security questions and providing guidance on secure implementation patterns.
  • Review application and system architectures, technical designs, data flows, and deployment models to identify security risks and recommend secure design patterns
  • Partner with engineering teams developing AI and machine learning features to identify emerging security risks and recommend secure implementation patterns.
  • Help maintain and improve security standards, guidance, reference architectures, and internal documentation.
  • Develop or enhance tooling and automation that improve the efficiency of threat modeling, security reviews, and risk assessment processes.
  • Collaborate with other Product Security engineers to perform application security assessments and investigate security concerns identified during development.
  • Contribute to developer education efforts through documentation, office hours, workshops, or security awareness initiatives.
  • Support security incident investigations and root cause analysis when application security issues are discovered.

Requirements

Required Qualifications

  • Available to work until 11:00AM Pacific Standard Time (PST).
  • 5+ years of experience in Application Security, Product Security, or a related field.
  • Strong understanding of common application security vulnerabilities (OWASP Top 10, API Security, authentication, authorization, secrets management, cryptography, etc.).
  • Experience participating in security reviews, threat modeling exercises, architecture discussions, or application security assessments.
  • Strong technical writing skills and experience creating documentation and guidelines.
  • Strong communication skills and ability to explain security concepts to engineers with varying levels of security expertise.
  • Experience working collaboratively with software engineering teams to identify and address security risks.
  • Familiarity with cloud platforms and modern application architectures (AWS preferred).
  • Ability to assess risk, prioritize issues, and provide practical security recommendations.
  • Experience reading and understanding source code in one or more modern programming languages.
  • Experience building scripts, tools, or automation to improve engineering or security workflows.

 



Similar Jobs

See all Remote Design jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Design

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified