Staff Application Security Engineer

Role Description 

As part of the Application Security team, you’ll be working to reduce risk across Dropbox. We partner with engineering and product teams during each point of the software development lifecycle (SDLC) and help drive broader security initiatives across Dropbox. Application Security Engineers provide security impact by developing secure-by-default libraries and frameworks that teams across Dropbox can frictionlessly integrate into their products. They also offer their expertise on security matters through cross-team consultations that cover design and threat modeling, as well as through documentation and educational initiatives.

Responsibilities

• Act as a subject matter expert on application security domains involving web, mobile, and desktop platforms
• Conduct security consultations on new and existing products, and be able to communicate complicated issues to non-technical audiences
• Improve upon and further integrate the Secure Development Lifecycle (SDLC) into product design and engineering efforts
• Empower secure-by-default development by shipping libraries and frameworks that address classes of vulnerabilities at scale
• Assist with code reviews to proactively identify potential vulnerabilities, and follow-up with tooling to prevent future vulnerabilities

Requirements

• 10+ years experience in application security engineering
• BS degree in Computer Science or related technical field involving coding (e.g., cybersecurity), or equivalent technical experience
• Strong communication skills and relationship building skills
• Experience in architecting and building application security on modern tech stacks across multiple platforms (web, mobile, desktop)
• Experience in building and scaling the Secure Development Lifecycle
• Experience with threat modeling and handling vulnerability reports
• Experience partnering with cross-functional engineering and product teams
• Be able to demonstrate software development experience