# Senior Infrastructure Security Engineer **Company**: Dropbox **Location**: San Francisco, CA **Work arrangement**: remote **Experience**: senior **Job type**: full-time **Salary**: $214,200-$289,800 USD **Category**: Engineering **Industry**: Technology **Apply**: https://job-boards.greenhouse.io/dropbox/jobs/7967465?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply **Canonical**: https://yubhub.co/jobs/job_fa3ab922-996 ## Description Role Description At Dropbox, we believe in simplifying the way people work together. We provide a range of innovative cloud-based solutions to empower individuals and businesses to share, access, and collaborate on their files seamlessly. Security plays a pivotal role in shaping our mission of building a more enlightened way of working where everyone can unleash their creative potential without constraints. As a Security Engineer, you'll safeguard our digital ecosystem alongside a diverse team of professionals dedicated to protecting our products and users. Trusted by millions, our mission is to integrate security seamlessly into Dropbox, empowering confident collaboration. Join us in owning a range of security projects, fostering innovation and growth in a collaborative environment. Responsibilities - Design, deploy, and operate security controls for Dropbox’s AI and agentic infrastructure, including model gateways, inference services, vector stores, retrieval systems, and supporting cloud and Kubernetes platforms. - Implement least-privilege and secure-execution patterns for AI agents, including per-tool authorization, sandboxing, human-in-the-loop approvals for high-impact actions, and separation of policy validation from execution. - Lead security implementation for AI tool and agent connectivity layers, including MCP gateway deployments, with controls for OAuth-based authorization, scope minimization, token audience validation, origin validation, replay protection, and secure isolation between trusted and untrusted tool domains. - Deploy, build, and/or operate security infrastructure solutions to help scale and raise the security bar for Dropbox’s on-prem and cloud infrastructure. - Automate security controls using scripting to eliminate redundant work and minimize need for human involvement. - Collaborate with cross functional teams and lead security initiatives to influence product decisions and enhance security posture. Requirements - 9+ years of Security experience or related industry experience, demonstrating impactful contributions to security strategies. - Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience, with coding proficiency. - Experience securing LLM, RAG, or agentic AI systems in production, with hands-on implementation of controls for prompt injection, sensitive-data disclosure, excessive agency, data or model poisoning, and AI supply-chain risk. - Experience designing identity and authorization for non-human workloads and agents using technologies such as SPIFFE/SPIRE, OAuth 2.1 or OIDC, AWS IRSA, Google Workload Identity Federation, Azure managed identities, or equivalent patterns. - Integrate adversarial testing and release gates for AI systems into CI/CD, including regression coverage for prompt injection, tool abuse, memory poisoning, approval bypass, and multi-agent escalation scenarios. - Solid knowledge of Linux fundamentals including system administration, security, networking, scripting, and troubleshooting. - Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems e.g. Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, Java. Preferred Qualifications - Experience securing MCP-based systems or similar AI agent and tool protocols. - Experience with multi-agent security controls such as trust boundaries, signed inter-agent messaging, and circuit breakers. - Familiarity with NIST AI RMF, NIST SP 800-218A, MITRE ATLAS, CSA AICM, and OWASP LLM and agentic security guidance. - Experience with security tools such as Teleport, CrowdStrike, Proofpoint, IPS/IDS, SIEM or SOAR. - Certifications such as CISSP, CISM, or equivalent. ## Skills ### Required - Linux fundamentals - Security - Networking - Scripting - Troubleshooting - Bash - Python - Go - Rust - Ruby - NodeJS - C/C++ - Java - SPIFFE/SPIRE - OAuth 2.1 - OIDC - AWS IRSA - Google Workload Identity Federation - Azure managed identities - Teleport - CrowdStrike - Proofpoint - IPS/IDS - SIEM - SOAR - CISSP - CISM ### Nice to have - MCP-based systems - Multi-agent security controls - NIST AI RMF - NIST SP 800-218A - MITRE ATLAS - CSA AICM - OWASP LLM and agentic security guidance --- Source: [Apply at job-boards.greenhouse.io](https://job-boards.greenhouse.io/dropbox/jobs/7967465?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply)