Dropbox Engineering Career Framework

IC5 Staff Security Engineer

I set a multi-year, multi-team risk reduction strategy and deliver it through direct implementation, broad cross-organizational technical leadership, or strategic guidance. I involve myself in initiatives across the company, ensure cross-functional alignment, and amplify the impact of distinct initiatives.

Scope: Area of ownership and level of autonomy / ambiguity

  • I deliver multi-year, multi-team security goals.
  • I work in areas where the security strategy is not defined. I may not know the security problem before starting.
  • I own complex issues, and decompose them into simple, scalable solutions and work products. I am able to explain and teach this skill.
  • I exhibit a very high standard of technical judgement, innovation and execution to tackle open-ended problems that require difficult prioritization, defining both the what and how of things to be done.

Collaborative Reach: Organizational reach and extent of influence

  • I exercise judgment that favors the priorities of the wider security org rather than favoring locally optimal outcomes.
  • I influence the business and technology direction. I align teams and orgs towards simple, coherent security goals.

Impact Levers: Technical levers typically exercised to achieve business impact

  • I demonstrate a high level of depth in a particular platform or product category that brings unique business value.
  • I excel at defining the vision for and delivering large business-impacting projects with multiple constraints.
  • I increasingly influence product decisions/scope and determine the right technical tradeoffs to deliver customer value quickly.
  • I lead by example, serve as a role model for other Dropbox security engineers, and teach all aspects of Security Craft.
  • I deliver with complete independence.
  • I work on significantly large or endemic security problems and projects.
  • I adapt to fill both technical and organizational gaps across the security organization, sometimes assuming roles that are not clearly scoped as Security Engineering or IC.
  • I use my expertise to affect system security and how the organization operates, partnering with TLs and leads to drive the organization towards higher degrees of maturity, effectiveness, and excellence.

🏆 Results


  • I identify and execute on opportunities that have area/group-wide impact

  • I execute large projects to a very high standard — e.g. against a tight deadline with significant consequences of failure, or in a manner that allows rapid learning to clarify significant ambiguity, or to a standard of quality well exceeding that of the current system (though not all simultaneously)

  • I know which levers to pull to drive meaningful results and understand the wider, cross-functional implications of my work. I proactively account for risks and monitor their likelihood. My project planning accounts for new capabilities necessary to deliver large-scale business impact and I work closely with partner teams to prioritize the development of these capabilities.
  • I proactively identify and help to refocus my team's efforts when projects are off-course or not technically feasible and results aren’t moving the needle for our business/team goals or serving the needs of customers in a meaningful way


  • I have a sense of responsibility and obligation to act on opportunities I see across the engineering org/company

Decision Making

  • I have a holistic view of the engineering org and Dropbox’s goals and use my experience and judgment to make decisions optimized for the wider org, rather than my local project alone
  • I act thoughtfully and decisively in critical situations even when making challenging or unpopular decisions
  • I'm able to reach the right decision despite conflicting perspectives

🌟 Direction


  • When necessary, I am able to introduce change into the organization, help others understand the business case for change, and create excitement to drive adoption of the change


  • I push boundaries to generate and implement breakthrough ideas that aim to create new products or advance existing products and drive our tools forward

  • I create an environment supporting experimentation and iteration towards audacious goals.


  • I define a long-term vision for my team that factors in company-wide priorities as well as the technical limitations and possibilities of Dropbox’s software and systems. I inspire my team and cross-discipline stakeholders to work toward that vision

  • I anticipate challenges and am able to influence the technical direction of the team or org to execute on that vision even in the face of potential significant misalignment

🌳 Talent

Personal Growth

  • I proactively ask for feedback from those I work with and identify ways to act upon it

  • I have self-awareness about my strengths and areas for development

  • I drive discussions with my manager about aspirational goals and seek out opportunities to learn and grow


  • I am an active participant in the hiring process for senior candidates (for example, by participating in hiring committee, debriefs, etc.)
  • I gain the trust of candidates and can represent Dropbox's mission, strategy, and culture throughout the interview process
  • I am an effective partner to my manager and am able to represent my team’s technical challenges to candidates in an exciting way (e.g. 1:1 sell chats, blog posts, public speaking)

Talent Development

  • I am a role model for other Dropboxers and model a standard of excellence that supports a culture of high performance on my team
  • I invest time to coach and mentor my teammates (particularly ones looking to grow into L4/L5). I take into account their skills, backgrounds, working styles and solicit and provide thoughtful, constructive feedback to them.
  • I devote time to spreading my knowledge widely via talks, blog posts or written documentation
  • I participate in SPRiTEs calibration sessions by providing meaningful feedback to ensure fair and consistent decisions

🌈 Culture


  • I help break down silos within and across functions and influence others to reach the best outcome for Dropbox

  • I build deep cross-functional relationships, facilitate the right conversations, and settle disagreements by managing different viewpoints

  • I disagree and commit when necessary to move critical priorities forward

Organizational Health

  • I act as a partner to managers in setting the cultural tone for the team. I create an inclusive environment for others and ensure diverse perspectives are included
  • Working with my manager, I leverage the strengths & skills of the members of my team, and help identify talent gaps required for team success
  • I personify Dropbox's culture and values. I champion community building efforts and inclusion initiatives. I work in close partnership with the management team to ensure a healthy engineering org.
  • I lead by example. I am aware of my public presence and actions and my influence on the people around me and Dropbox’s culture


  • I tailor my message to my audience, presenting it clearly and concisely at the right altitude
  • I fine tune my approach to getting buy-in and influencing stakeholders across a variety of audiences

🦉 Craft

I am a trusted part of the technical leadership of the security organization. I have the versatility to take on a wide variety of projects, incidents, and roles characterized by high complexity, broad scope, and high impact. I am a crucial influencer in the security strategy. I bring business, technical, and industry context to security solutions. I am a hands-on technical leader. I identify endemic security problems and define technologies and architectures to mitigate them. I set the standard for excellence in the security organization and mitigate security risks and threats with innovative concepts. I mentor emerging leaders and consistently role model the leadership behaviors that are expected. My solutions are robust, resistant to erosion, and secure by default. I work with cross-functional partners to discover novel solutions to business problems.

Security Execution

  • My work demonstrates broad and deep security domain expertise, and I successfully apply it across technology domains (e.g. software, networking, risk management, operating systems) to realize cross-functional security objectives and drive the maturity of the security team overall.
  • I independently and proactively identify areas of security risk and future needs, reach out to the relevant teams, collaboratively design solutions to that risk, and successfully implement them in a sustainable way that “permanently” reduces risk across entire classes of threats.
  • I design, deliver, and drive solutions for significantly complex security and risk problems across Dropbox organizations.
  • I split my time across different areas, such as security solution design and/or security architecture, based on where my skills have the greatest impact (or in response to a security problem).
  • I deliver solutions that are resistant to erosion of security controls over time and integrate ongoing testing strategies as part of the foundational design
  • I own the response to extraordinary or otherwise sensitive security incidents.
  • I adapt my role to the needs of an initiative, the security team, or a cross-functional partner team over time.
  • I understand that technology, threats, and responses evolve, and drive that evolution to create opportunity to improve security across Dropbox.
  • I motivate security controls that simplify, optimize, and prevent bottlenecks.

Technology Fluency

  • The expectations for technology fluency do not go up beyond L4 (though some specialist engineers may go deep in one or more areas)

Threat Fluency

  • I have a deep understanding of attacker tools, techniques, and processes (TTPs) and an extensive array of defenses/mitigations for them.
  • I am deeply aware of the kinds of defenses and their efficacy at mitigating attacks relevant to Dropbox Security.