Senior Security Engineer, Detection & Response

Role Description

At Dropbox, we believe in simplifying the way people work together. We provide a range of innovative cloud-based solutions to empower individuals and businesses to share, access, and collaborate on their files seamlessly. Security plays a pivotal role in shaping our mission of building a more enlightened way of working where everyone can unleash their creative potential without constraints.

The Detection and Response Team (DART) is looking for a Senior Security Engineer with experience performing detection, incident response, security engineering, and maintaining operationally excellent systems. Are you a seasoned senior level DFIR professional? Have you worked as an incident responder and incident manager commanding large scale, multi-faceted incidents? If you answered “yes” to all these questions you’re our ideal candidate.  

Our Engineering Career Framework is viewable by anyone outside the company and describes what’s expected for our engineers at each of our career levels. Check out our blog post on this topic and more here.

Responsibilities

• Develop, apply, and refine detection and incident response playbooks
• Perform on-call duties triaging detection and incident response events
• Analyse and correlate data from disparate sources
• Improve detection workflows with automation and alert enrichments
• Write detection rules to identify threats specific to our environment
• Share knowledge and experience with peer teams and DART engineers

Many teams at Dropbox run Services with on-call rotations, which entails being available for calls during both core and non-core business hours. If a team has an on-call rotation, all engineers on the team are expected to participate in the rotation as part of their employment. Applicants are encouraged to ask for more details of the rotations to which the applicant is applying.

Requirements

• 6+ years experience as a security engineer in related domains
• Direct experience with operational teamwork AND (security incident first responder OR  incident manager)
• Experience improving operational teams capabilities/KPIs
• Experience influencing strategy and/or changes across org and partner teams
• Knowledge of operating systems, file systems, or memory on macOS, Linux, Windows, or iOS/Android.
• Practical experience with attacker tactics, techniques and procedures
• Experience and knowledge across multiple security domains, but with expertise in two or more of the following domains: detection engineering, digital forensics, incident response, threat hunting, threat intelligence, threat hunting, or malware analysis.
• Experience performing Live response or digital forensics using disk and memory forensic artefacts on operating systems such as Windows, *nix (macOS, Linux), ChromeOS, Android, iOS etc 
• Coding or scripting proficiency in one or more languages

Preferred Qualifications

• 8+ years experience as a security engineer in related domains
• BS (or higher, e.g., MS, or PhD) in Computer Science or related technical field, or equivalent technical experience
• Experience writing and reading Structured Query Language (SQL)

Compensation