The Detection and Response Team (DART) is looking for a Security Engineer with experience performing detection, incident response, security engineering, and maintaining operationally excellent systems. You will operate and build the tools and detections to catch the next incident, contain it, and keep Dropbox worthy of trust!

We are a multi-disciplinary team with a wide variety of skills and responsibilities including Linux, macOS, and Windows systems security, cloud and network security, and detection and response capabilities. Within our team are many opportunities to apply your prior experience and vision to improve Dropbox's detection and response program!

Many teams at Dropbox run Services with on-call rotations, which entails being available for calls during both core and non-core business hours. If a team has an on-call rotation, all engineers on the team are expected to participate in the rotation as part of their employment. Applicants are encouraged to ask for more details of the rotations to which the applicant is applying.

Our Engineering Career Framework is and describes what's expected for our engineers at each of our career levels. Check out our blog post on this topic and more .

• Develop, apply, and refine detection and incident response playbooks
• Perform on-call duties triaging detection and incident response events
• Analyze and correlate data from disparate sources
• Improve detection workflows with automation and alert enrichments
• Write detection rules to identify threats specific to our environment
• Share knowledge and experience with peer teams and DART engineers

• Direct experience with operational teamwork or as a security incident first responder
• Experience improving operational teams capabilities/KPIs
• Experience influencing strategy and/or changes across org and partner teams
• Knowledge of operating systems, file systems, or memory on macOS, Linux, Windows, or iOS/Android.
• Practical experience with attacker tactics, techniques and procedures
• Experience and knowledge across multiple security domains, but with expertise in two or more of the following domains: detection engineering, digital forensics, incident response, threat hunting, threat intelligence, threat hunting, or malware analysis.
• Experience performing Live response or digital forensics using disk and memory forensic artefacts on operating systems such as Windows, *nix (macOS, Linux), ChromeOS, Android, iOS etc

Many teams at Dropbox run Services with on-call rotations, which entails being available for calls during both core and non-core business hours. If a team has an on-call rotation, all engineers on the team are expected to participate in the rotation as part of their employment. Applicants are encouraged to ask for more details of the rotations to which the applicant is applying.

• BS (or higher, e.g., MS, or PhD) in Computer Science or related technical field, or equivalent technical experience
• 4+ years experience as a security engineer in related domains
• Coding or scripting proficiency in one or more languages
• Experience writing and reading Structured Query Language (SQL)