Security Engineer, Vulnerability Management

Role Description

The Dropbox team is growing, and we’re looking for a security engineer to join our team. In this role, you’ll be part of a small team dedicated to performing Vulnerability Management at Dropbox. We are looking to hire junior team members to help us expand and improve our tooling. We collaborate closely with teams across the company to improve security. Our team culture rewards solid ownership, partnership, and discipline in how we develop. You’ll thrive in our team if you love making a difference, navigating through ambiguity, and supporting a culture of innovation and collaboration.

Our Engineering Career Framework is viewable by anyone outside the company and describes what’s expected for our engineers at each of our career levels. Check out our blog post on this topic and more here.

Responsibilities

• Partner with teams to improve the security bar at Dropbox in order to protect customer data.
• Automate security tasks with senior team members in order to expand Vulnerability Management tooling at Dropbox.
• Perform structured security risk assessments of current and new vulnerabilities and move vulnerabilities through the life-cycle of prioritization, mitigation, and remediation.
• Contribute to security strategies for new vulnerability management initiatives.
• Contribute to delivery of cross team initiatives.
• Participate in on-call rotation for vulnerability security issues.

On-call work may be necessary occasionally to help address bugs, outages, or other operational issues, with the goal of maintaining a stable and high-quality experience for our customers.

Requirements

• 2+ years of security or software engineering experience or a BS degree in Computer Science, Security or related technical field involving coding (e.g., physics or mathematics).
• Demonstrated proficiency in Python, tooling development or automation scripting.
• Technical domain knowledge with Linux based systems.

Preferred Qualifications

• Experience with Go/ Node. 
• Experience automating with web API.
• Experience with security and vulnerability management.
• Technical domain knowledge in areas adjacent to security. For example, Application security, Cloud/LaaS products(e.g. AWS, GCP, Azure), Linux, Windows, or MacOS based systems, Networking, Reliability, Software development, Risk Assessment.