Security Engineer, Detection & Response

at Dropbox

Remote

Role Description

At Dropbox, we believe in simplifying the way people work together. We offer a range of innovative cloud-based solutions that empower individuals and businesses to share, access, and collaborate on files seamlessly. Security is central to our mission of building a more enlightened way of working, enabling people to unleash their creative potential without constraints.

The Detection and Response Team (DART) is seeking a seasoned Security Engineer with deep experience in detection, incident response, and security engineering. The ideal candidate has a proven track record in Digital Forensics and Incident Response (DFIR), has led large-scale, complex security incidents, and consistently demonstrates operational excellence in securing systems at scale.

Our Engineering Career Framework is viewable by anyone outside the company and describes what’s expected for our engineers at each of our career levels. Check out our blog post on this topic and more here.

Responsibilities

Develop, refine, and apply detection and incident response playbooks
Triage and respond to security events
Analyse and correlate data from diverse sources to identify threats
Enhance detection workflows through automation and alert enrichment
Write tailored detection rules to surface threats relevant to Dropbox’s environment
Collaborate with and mentor peers across DART and other security teams

Many teams at Dropbox run Services with on-call rotations, which entails being available for calls during both core and non-core business hours. If a team has an on-call rotation, all engineers on the team are expected to participate in the rotation as part of their employment. Applicants are encouraged to ask for more details of the rotations to which the applicant is applying.

Requirements

6+ years of experience as a Security Engineer or in related security domains
Proven experience in operational security, including roles as a first responder or incident manager
Demonstrated success in improving operational team capabilities and KPIs
Experience influencing security strategy and driving cross-functional initiatives
Strong knowledge of operating systems, file systems, and memory internals across macOS, Linux, Windows, or mobile platforms such as iOS and Android
Practical understanding of attacker tactics, techniques, and procedures (TTPs)
Broad experience across multiple security disciplines, with deep expertise in at least two of the following: detection engineering, digital forensics, incident response, threat hunting, threat intelligence, or malware analysis
Hands-on experience conducting live response and digital forensics using disk and memory artifacts across platforms such as Windows, macOS, Linux, ChromeOS, Android, and iOS
Proficiency in coding or scripting in one or more languages

Preferred Qualifications

Bachelor’s degree or higher (e.g., MS or PhD) in Computer Science or a related technical field, or equivalent practical experience
Proficiency in writing and reading Structured Query Language (SQL)

Compensation

Dropbox applies increased tax deductible costs to remuneration earned by certain qualifying employees (to the extent an employee will be involved in the creation of the software as an “author”) for the transfer of copyrights, in accordance with the relevant provisions of the Personal Income Tax Act.

Poland Pay Range

272 000 zł—368 000 zł PLN