Dropbox Engineering Career Framework
IC5 Staff Security Engineer
I set a multi-year, multi-team risk reduction strategy and deliver it through direct implementation, broad cross-organizational technical leadership, or strategic guidance. I involve myself in initiatives across the company and ensure cross-functional alignment and amplify the impact of distinct initiatives.
Area of ownership and level of autonomy / ambiguity
Collaborative Reach
Organizational reach and extent of influence
Impact Levers
Technical levers typically exercised to achieve business impact
  • I deliver multi-year, multi-team security goals.
  • I work in areas where the security strategy is not defined. I may not know the security problem before starting.
  • I own complex issues, and decompose them into simple, scalable solutions and work products. I am able to explain and teach this skill.
  • I exhibit a very high standard of technical judgement, innovation and execution to tackle open-ended problems that require difficult prioritization, defining both the what and how of things to be done.
  • I exercise judgment that favors the priorities of the wider security org rather than favoring locally optimal outcomes.
  • I Influence the business and technology direction. I align teams and orgs towards simple, coherent security goals.
  • I demonstrate a high level of depth in a particular platform or product category that brings unique business value. 
  • I excel at defining the vision for and delivering large business-impacting projects with multiple constraints.
  • I increasingly influence product decisions/scope and determine the right technical tradeoffs to deliver customer value quickly.
  • I lead by example, I serve as a role model for other Dropbox security engineers, and teach all aspects of Security Craft.
  • I deliver with complete independence.
  • I work on significantly large or endemic security problems and projects.
  • I adapt to fill both technical and organizational gaps across the security organization, sometimes assuming roles that are not clearly scoped as Security Engineering or IC.
  • I use my expertise to affect system security and how the organization operates, partnering with TLs and leads to drive the organization towards higher degrees of maturity, effectiveness, and excellence.

trophy Results

Key Behaviors
  • I identify and execute on opportunities that have area/group-wide impact 
  • I execute large projects to a very high standard — e.g. against a tight deadline with significant consequences of failure, or in a manner that allows rapid learning to clarify significant ambiguity, or to a standard of quality well exceeding that of the current system (though not all simultaneously)
  • I know which levers to pull to drive meaningful results and understand the wider, cross-functional implications of my work. I proactively account for risks and monitor their likelihood. My project planning accounts for new capabilities necessary to deliver large-scale business impact and I work closely with partner teams to prioritize the development of these capabilities.
  • I proactively identify and help to refocus my team's efforts when projects are off-course or not technically feasible and results aren’t moving the needle for our business/team goals or serving the needs of customers in a meaningful way
  • I have a sense of responsibility and obligation to act on opportunities I see across the engineering org/company
Decision Making
  • I have a holistic view of the engineering org and Dropbox’s goals and use my experience and judgment to make decisions optimized for the wider org, rather than my local project alone
  • I act thoughtfully and decisively in critical situations even when making challenging or unpopular decisions
  • I'm able to reach the right decision despite conflicting perspectives

glowing star Direction

Key Behaviors
  • When necessary, I am able to introduce change into the organization, help others understand the business case for change, and create excitement to drive adoption of the change 
  • I push boundaries to generate and implement breakthrough ideas that aim to create new products or advance existing products and drive our tools forward
  • I create an environment supporting experimentation and iteration towards audacious goals.
  • I define a long-term vision for my team that factors in company-wide priorities as well as the technical limitations and possibilities of Dropbox’s software and systems. I inspire my team and cross-discipline stakeholders to work toward that vision
  • I anticipate challenges and am able to influence the technical direction of the team or org to execute on that vision even in the face of potential significant misalignment

deciduous tree Talent

Key Behaviors
Personal Growth
  • I proactively ask for feedback from those I work with and identify ways to act upon it
  • I have self-awareness about my strengths and areas for development
  • I drive discussions with my manager about aspirational goals and seek out opportunities to learn and grow
  • I am an active participant in the hiring process for senior candidates (for example, by participating in hiring committee, debriefs, etc.)
  • I gain the trust of candidates and can represent Dropbox's mission, strategy, and culture throughout the interview process
  • I am an effective partner to my manager and am able to represent my team’s technical challenges to candidates in an exciting way (e.g. 1:1 sell chats, blog posts, public speaking)
Talent Development
  • I am a role model for other Dropboxers and model a standard of excellence that supports a culture of high performance on my team
  • I invest time to coach and mentor my teammates (particularly ones looking to grow into L4/L5). I take into account their skills, backgrounds, working styles and solicit and provide thoughtful, constructive feedback to them.
  • I devote time to spreading my knowledge widely via talks, blog posts or written documentation
  • I participate in SPRiTEs calibration sessions by providing meaningful feedback to ensure fair and consistent decisions

rainbow Culture

Key Behaviors
  • I help break down silos within and across functions and influence others to reach the best outcome for Dropbox
  • I build deep cross-functional relationships, facilitate the right conversations, and settle disagreements by managing different viewpoints
  • I disagree and commit when necessary to move critical priorities forward
Organizational Health
  • I act as a partner to managers in setting the cultural tone for the team. I create an inclusive environment for others and ensure diverse perspectives are included
  • Working with my manager, I leverage the strengths & skills of the members of my team, and help identify talent gaps required for team success
  • I personify Dropbox's culture and values. I champion community building efforts and inclusion initiatives. I work in close partnership with the management team to ensure a healthy engineering org. 
  • I lead by example. I am aware of my public presence and actions and my influence on the people around me and Dropbox’s culture
  • I tailor my message to my audience, presenting it clearly and concisely at the right altitude
  • I fine tune my approach to getting buy-in and influencing stakeholders across a variety of audiences 

owl Craft

I am a trusted part of the technical leadership of the security organization. I have the versatility to take on a wide variety of projects, incidents, and roles characterized by high complexity, broad scope, and high impact. I am a crucial influencer in the security strategy. I bring business, technical, and industry context to security solutions. I am a hands-on technical leader. I identify endemic security problems, define technologies, and architectures to mitigate them. I set the standard for excellence in the security organization and mitigate security risks and threats with innovative concepts. I mentor emerging leaders and consistently role model the leadership behaviors that are expected. My solutions are robust, resistant to erosion, and secure by default. I work with cross-functional partners to discover novel solutions to business problems.
Key Behaviors
Security Execution
  • My work demonstrates broad and deep security domain expertise, and I successfully apply it across technology domains (e.g. software, networking, risk management, operating systems, etc) to realize cross-functional security objectives and drive the maturity of the security team overall.
  • I independently and proactively identify areas of security risk and future needs, reach out to the relevant teams, collaboratively design solutions to that risk, and successfully implement them in a sustainable way that “permanently” reduces risk across entire classes of threats.
  • I design, deliver, and drive solutions for significantly complex security and risk problems across dropbox organizations.
  • I split my time in different areas such as, security solution design, and/or security architecture, based on where my skills have the greatest impact (or in response to a security problem).
  • I deliver solutions that are resistant to erosion of security controls over time and integrate ongoing testing strategies as part of the foundational design
  • I own the response to extraordinary or otherwise sensitive security incidents.
  • I adapt my role to the needs of an initiative, the security team, or a cross-functional partner team over time.
  • I understand that technology, threats, and responses evolve, and drive that evolution to create opportunity to improve security across Dropbox.
  • I motivate security controls that simplify, optimize, and prevent bottlenecks. 
Technology Fluency
The expectations for technology fluency do not go up beyond L4 (though some specialist engineers may go deep in one or more areas)
Threat Fluency
  • I have a deep understanding of attacker tools, techniques, and processes (TTPs) and an extensive array of defenses/mitigations for them.
  • I am deeply aware of the kinds of defenses and their efficacy at mitigating attacks relevant to Dropbox Security.