Product Security Engineer, HelloSign - Location Flexible at Dropbox

Company Description

Dropbox is a leading global collaboration platform that's transforming the way people work together, from the smallest business to the largest enterprise. With more than 500 million registered users across more than 180 countries, our mission is to unleash the world’s creative energy by designing a more enlightened way of working. Headquartered in San Francisco, CA, Dropbox has more than 12 offices around the world.

Team Description

Our Engineering team is working to simplify the way people work together. They’re building a family of products that handle over a billion files a day for people around the world. With our broad mission and massive scale, there are countless opportunities to make an impact.

Role Description

The Dropbox team is growing, and we’re looking for security engineers to support this growth. In this role, you'll be a part of a team of 5-10 engineers, working closely with technical program managers, peer security teams and leads, and other engineering teams to build the future of Dropbox, with a focus on HelloSign. As part of this role, you will mainly perform product security consulting, threat modeling, secure code reviews and help manage our bug bounty platform for HelloSign. You will work with the team to ensure our products are designed securely and all known issues are timely triaged and remediated. Our team culture rewards a bias for action, engineering partnership in building security into our DNA, and discipline in how we develop. You’ll thrive in our team if you love chasing impact, working through ambiguity, and developing a culture of innovation.


  • Maintain and improve the high security bar of HelloSign in order to protect customer data
  • Perform structured security risk assessment to identify, prioritize, and provide recommendations or solutions for issues found
  • Perform security reviews of the web applications, source code, and infrastructure deployed
  • Deploy, build, and/or operate security solutions to help scale the security program
  • Automate security controls using scripting
  • Perform penetration testing and vulnerability assessments against the company’s products and services as well as lead and coordinate third-party penetration testing efforts
  • Perform security consulting for all products and services
  • Triage issues reported by external researchers via the bug bounty program
  • Perform dynamic & static application security testing using open source and commercial tools
  • Classify, prioritize, collaborate, develop, and implement solutions to ensure all security findings are appropriately remediated
  • Help engineer new security features that enhance our customer’s security
  • Perform source code reviews of the web applications and infrastructure deployed by us
  • Participate in 24x7 on call rotation for security related events


  • BS in Computer Science or a related technical field, or equivalent work experience
  • 2+ years in a security engineering or operations role
  • Deep understanding of common web application vulnerabilities
  • Strong understanding of modern web applications and frameworks
  • Good understanding of Linux/UNIX based systems
  • Technical domain knowledge in areas adjacent to Application security. For example, Infrastructure security, Cloud/IaaS products (e.g. AWS, GCP, Azure), Linux, Windows, or MacOS based systems, Networking, Reliability, Software development
  • Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems. E.g.: Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, or Java
Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is our support for members and allies of internal groups like Asians at Dropbox, BlackDropboxers, Latinx, Pridebox (LGBTQ), Vets at Dropbox, Women at Dropbox, ATX Diversity (based in Austin, Texas) and the Dropbox Empowerment Network (based in Dublin, Ireland).

Benefits and Perks

  • Generous company paid individual medical, dental, & vision insurance coverage
  • 401k + company match
  • Market competitive total compensation package
  • Free Dropbox space for your friends and family
  • Wellness Reimbursement
  • Generous vacation policy
  • 11 company paid holidays
  • Volunteer time off
  • Company sponsored tech talks (technology and other relevant professional topics)

Remember to mention that you found this position on Careerland