Senior Infrastructure Security Engineer

DropboxDropbox·Remote(Remote - Canada: Select locations)
Software Development

WFA Digital Insight

As the demand for robust cybersecurity specialists continues to surge, with a 28% growth in 2025, Dropbox is seeking a Senior Infrastructure Security Engineer to fortify its digital ecosystem. This role stands out for its focus on integrating security seamlessly into Dropbox's innovative cloud-based solutions, empowering millions of users to collaborate confidently. With the rise of remote work, companies are increasingly looking for experts who can safeguard their digital infrastructure. Candidates should be well-versed in the latest security technologies and have a strong understanding of cloud-based systems. Before applying, it's essential to review Dropbox's Engineering Career Framework, which outlines the expected skills and competencies for each career level.

Job Description

About the Role

The Senior Infrastructure Security Engineer will play a pivotal role in safeguarding Dropbox's digital ecosystem. As a member of the security team, you will design, deploy, and operate security controls for Dropbox's AI and agentic infrastructure, ensuring the confidentiality, integrity, and availability of sensitive data. This role entails working closely with cross-functional teams, including engineering, product, and operations, to identify and mitigate potential security risks.

Dropbox is committed to building a more enlightened way of working, where everyone can unleash their creative potential without constraints. As a security engineer, you will be responsible for fostering a culture of security awareness and ensuring that security is integrated seamlessly into Dropbox's products and services.

The security team at Dropbox is diverse and collaborative, with a strong focus on innovation and growth. As a senior engineer, you will have the opportunity to lead security implementation for AI tool and agent connectivity layers, deploying security infrastructure solutions, and operating security controls for Dropbox's cloud and Kubernetes platforms.

What You Will Do

  • Design, deploy, and operate security controls for Dropbox's AI and agentic infrastructure, including model gateways, inference services, vector stores, retrieval systems, and supporting cloud and Kubernetes platforms.
  • Implement least-privilege and secure-execution patterns for AI agents, including per-tool authorization, sandboxing, human-in-the-loop approvals for high-impact actions, and separation of policy validation from execution.
  • Lead security implementation for AI tool and agent connectivity layers, including MCP gateway deployments, with controls for OAuth-based authorization, scope minimization, token audience validation, origin validation, replay protection, and secure isolation between trusted and untrusted tool domains.
  • Collaborate with engineering teams to identify and mitigate potential security risks, ensuring that security is integrated seamlessly into Dropbox's products and services.
  • Develop and maintain security protocols, procedures, and documentation, ensuring that security controls are aligned with industry best practices and regulatory requirements.
  • Participate in security audits, risk assessments, and compliance activities, providing expertise and guidance on security-related matters.
  • Stay up-to-date with emerging security threats, vulnerabilities, and technologies, applying this knowledge to improve Dropbox's security posture.
  • Mentor junior engineers, providing guidance and support to help them develop their skills and expertise.
  • Develop and deliver security training and awareness programs, promoting a culture of security awareness across the organization.

What We Are Looking For

  • 5+ years of experience in security engineering, with a focus on cloud-based systems, AI, and machine learning.
  • Strong understanding of security principles, including confidentiality, integrity, and availability.
  • Experience with security technologies, such as firewalls, intrusion detection systems, encryption, and access control.
  • Knowledge of cloud-based platforms, including AWS, Azure, or Google Cloud.
  • Experience with containerization technologies, such as Docker, and orchestration tools, such as Kubernetes.
  • Strong programming skills in languages, such as Python, Java, or C++.
  • Experience with agile development methodologies, such as Scrum or Kanban.
  • Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams.

Nice to Have

  • Experience with AI and machine learning technologies, including TensorFlow, PyTorch, or scikit-learn.
  • Knowledge of security frameworks, such as NIST Cybersecurity Framework or ISO 27001.
  • Experience with security information and event management (SIEM) systems, such as Splunk or ELK.
  • Certification in security, such as CISSP, CISM, or CEH.

Benefits and Perks

  • Competitive salary and equity package.
  • Comprehensive health, dental, and vision insurance.
  • Flexible paid time off and holidays.
  • Remote work stipend and equipment allowance.
  • Opportunities for professional growth and development, including training and education programs.
  • Access to a diverse and collaborative community of security professionals.
  • Recognition and reward programs, including bonuses and stock options.

How to Stand Out

  • Develop a strong understanding of cloud-based security, including AWS, Azure, or Google Cloud, and containerization technologies, such as Docker and Kubernetes.
  • Build a portfolio of security projects, showcasing your expertise in security engineering, AI, and machine learning.
  • Stay up-to-date with emerging security threats, vulnerabilities, and technologies, applying this knowledge to improve your security skills and expertise.
  • Practice white-hat hacking and penetration testing to develop your skills in identifying and exploiting vulnerabilities.
  • Network with other security professionals, attending conferences and meetups to stay informed about industry trends and best practices.
  • Highlight your experience with security frameworks, such as NIST Cybersecurity Framework or ISO 27001, and certifications, such as CISSP, CISM, or CEH.
  • Prepare for common security interview questions, such as 'What is your experience with security information and event management (SIEM) systems?' or 'How do you stay current with emerging security threats and vulnerabilities?'

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.