HelloSign Product Security Engineer at Dropbox

San Francisco, CA

Company Description

Thank you for your interest in Dropbox careers. We are actively hiring for this position and look forward to reviewing your application. Dropbox is continuing to monitor the COVID-19 pandemic as the health and safety of our community, employees and candidates remain our number one priority. We appreciate your flexibility as we adapt our hiring processes during this evolving situation.
Dropbox is the world’s first smart workspace that helps people and teams focus on the work that matters. With more than 600 million registered users across 180 countries, we’re on a mission to design a more enlightened way of working. Dropbox is headquartered in San Francisco, CA, and has 12 offices around the world.

Team Description

Our Engineering team is working to simplify the way people work together. They’re building a family of products that handle over a billion files a day for people around the world. With our broad mission and massive scale, there are countless opportunities to make an impact.

Role Description

We are looking for a hands-on individual with a white hat hacker mindset to join us in a Security Engineer role. This position will be a part of the HelloSign Security team and will work directly with the HelloSign engineering and product teams. As part of this role, you will mainly perform product security consulting, threat modeling, and secure code reviews, and help manage our bug bounty platform. You will work with the team to ensure our products are designed securely and all known issues are triaged and remediated in a timely manner.

Responsibilities

  • Perform security consulting for all products and services.
  • Perform security reviews of the web applications, source code, and infrastructure deployed by us.
  • Perform penetration testing and vulnerability assessments against the company’s products and services as well as lead and coordinate third-party penetration testing efforts.
  • Perform dynamic as well as static application security testing using open source and commercial tools.
  • Perform security assessments on all existing and any new third-party vendors.
  • Triage all issues reported by external researchers via the bug bounty program at HelloSign.
  • Classify, prioritize, collaborate, and as necessary develop and implement solutions to ensure all security findings are appropriately remediated.
  • Automate security controls using scripting to the extent that it requires minimal human interaction.
  • Participate in 24x7 on-call rotation for security-related events.

Requirements

  • Strong past experience in a security engineering or application security role
  • Prefer BS or MS in Computer Science or Information Security or equivalent experience
  • Deep understanding of common web application vulnerabilities
  • Strong understanding of modern web applications and frameworks
  • Good understanding of Linux/UNIX based systems
  • Strong communication skills
  • Ability to show initiative to drive progress and improvement
  • Ability to handle multiple tasks, prioritize and meet deadlines
  • Ability to maintain confidentiality of sensitive customer data
  • Certifications like OSCP, CISSP, RHCE are a plus

Benefits and Perks

  • 100% company paid individual medical, dental, & vision insurance coverage
  • 401k + company match
  • Market competitive total compensation package
  • Free Dropbox space for your friends and family
  • Wellness Reimbursement
  • Generous vacation policy
  • 10 company paid holidays
  • Volunteer time off
  • Company sponsored tech talks (technology and other relevant professional topics)

About HelloSign, A Dropbox Company:

We believe that the way business gets done today is broken. That’s why we’re dedicated to simplifying work for everyone - from small startups to large enterprise companies. Millions of individuals and over 80,000 companies world-wide trust the HelloSign platform – which includes eSignature, digital workflow and eFax solutions – to automate and manage their most important business transactions.
With a sharp focus on user experience and a lust for innovation, HelloSign is on a mission to Simplify Work.

Life at HelloSign:

Our HQ office is located in San Francisco Mission Bay near the UCSF Medical Center and we have a number of team members distributed across the US! At just over 150 employees, we are growing the company deliberately, with a keen eye towards maintaining a culture that values lifestyle, fun and continuous improvement. We were awarded the Hirepalooza Culture Award for Lifestyle in 2015 and the Healthy Mothers Workplace Bronze Award in 2016 and 2017. In 2018, we won SF Business Times' Best Places to Work Award for Small Employers. We continue to maintain an overwhelmingly positive presence on Glassdoor and The Muse.

We have raving fans who love what we make

  • We're user-focused and product-driven
  • We're always evolving with an eye towards improvement
  • We're committed to building a product people want
  • We thrive on collaboration and learning from each other
  • We have a supportive, familial atmosphere
  • We work in an open, airy, creative space
  • We laugh a lot
  • And we'll never forget your birthday!

Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is our support for members and allies of internal groups like Asians at Dropbox, BlackDropboxers, Latinx, Pridebox (LGBTQ), Vets at Dropbox, Women at Dropbox, ATX Diversity (based in Austin, Texas) and the Dropbox Empowerment Network (based in Dublin, Ireland).
