Security Engineer, HelloSign - Location Flexible
- San Francisco, CA
Dropbox is now a Virtual First company, which means work outside of an office will be the primary experience for all employees. Being Virtual First also means the location of our employees is targeted but flexible. If "Location Flexible" is listed in the job title of a role, the role can be located in any of the states where Dropbox is authorized to do business. Some roles (including those which do not have "Location Flexible" in the job title), however, may have to be co-located with their teams in certain locations. Please work with your recruiter and your hiring manager to understand any location constraints of a particular role and to communicate your location preferences. Dropbox is authorized to do business in many, but not all, states. If you are not located in or able to work from a state where Dropbox is registered, you will not be eligible for employment. Please speak with your recruiter to learn more about where Dropbox is registered.
Dropbox is one place to keep life organized and keep work moving. With more than 600 million registered users across 180 countries, we're on a mission to design a more enlightened way of working. Dropbox is headquartered in San Francisco, CA, and has offices around the world. For more information on our mission and products, visit dropbox.com.
Our Engineering team is working to simplify the way people work together. They're building a family of products that handle over a billion files a day for people around the world. With our broad mission and massive scale, there are countless opportunities to make an impact.
This is a hands-on individual and has a white hat hacker mindset. This position will be a part of the HelloSign Security team and will work directly with the HelloSign Engineering and Product teams. As part of this role, they will mainly perform product security consulting, threat modeling, secure code reviews and help manage our bug bounty platform. They will work with the team to ensure our products are designed securely and all known issues are timely triaged and remediated.
- Perform security consulting for all products and services.
- Perform security reviews of the web applications, source code, and infrastructure deployed by us.
- Perform penetration testing and vulnerability assessments against the company's products and services as well as lead and coordinate third-party penetration testing efforts.
- Perform dynamic as well as static application security testing using open source and commercial tools.
- Perform security assessments on all existing and any new third-party vendors.
- Triage all issues reported by external researchers via the bug bounty program at HelloSign.
- Classify, prioritize, collaborate, and as necessary develop and implement solutions to ensure all security findings are appropriately remediated.
- Automate security controls using scripting to the extent that it requires minimal human interaction.
- Participate in 24x7 on call rotation for security related events.
- Strong past experience in security engineering or application security role
- Prefer BS or MS in Computer Science or Information Security or equivalent experience
- Strong understanding of modern web applications
- Information security related experience with Amazon AWS or equivalent cloud experience
- In depth understanding of Linux/UNIX based systems
- Experience shipping production code in PHP, Python or similar.
- A deep understanding of common web application vulnerabilities
- Ability to show initiative to drive progress and improvement
- Ability to handle multiple tasks, prioritize and meet deadlines
- Ability to maintain confidentiality of sensitive customer data
- Certifications like OSCP, CISSP, RHCE are a plus
- 100% company paid individual medical, dental, & vision insurance coverage
- 401k + company match
- Market competitive total compensation package
- Free Dropbox space for your friends and family
- Wellness Reimbursement
- Generous vacation policy
- 10 company paid holidays
- Volunteer time off
- Company sponsored tech talks (technology and other relevant professional topics)
We believe that the way business gets done today is broken. That's why we're dedicated to simplifying work for everyone - from small startups to large enterprise companies. Millions of individuals and over 80,000 companies world-wide trust the HelloSign platform - which includes eSignature, digital workflow and eFax solutions - to automate and manage their most important business transactions.
With a sharp focus on user experience and a lust for innovation, HelloSign is on a mission to Simplify Work.
Life at HelloSign:
Our HQ office is located in San Francisco Mission Bay near the UCSF Medical Center and we have a number of team members distributed across the US! Just over 150 employees, we are growing the company deliberately, with a keen eye towards maintaining a culture that values lifestyle, fun and continuous improvement. We were awarded the Hirepalooza Culture Award for Lifestyle in 2015 and the Healthy Mothers Workplace Bronze Award in 2016 and 2017. In 2018, we won SF Business Times' Best Places to Work Award for Small Employers. We continue to maintain an overwhelmingly positive presence on Glassdoor and The Muse.
We have raving fans who love what we make
- We're user-focused and product-driven
- We're always evolving with an eye towards improvement
- We're committed to building a product people want
- We thrive on collaboration and learning from each other
- We have a supportive, familial atmosphere
- We work in an open, airy, creative space
- We laugh a lot
- And we'll never forget your birthday!
Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is our support for members and allies of internal groups like Asians at Dropbox, BlackDropboxers, Latinx, Pridebox (LGBTQ), Vets at Dropbox, Women at Dropbox, ATX Diversity (based in Austin, Texas) and the Dropbox Empowerment Network (based in Dublin, Ireland).
Back to top