IC5 Staff Security Engineer
I set a multi-year, multi-team risk reduction strategy and deliver it through direct implementation, broad cross-organizational technical leadership, or strategic guidance. I involve myself in initiatives across the company and ensure cross-functional alignment and amplify the impact of distinct initiatives.
Scope
Area of ownership and level of autonomy / ambiguity
- I deliver multi-year, multi-team security goals.
- I work in areas where the security strategy is not defined. I may not know the security problem before starting.
- I own complex issues, and decompose them into simple, scalable solutions and work products. I am able to explain and teach this skill.
- I exhibit a very high standard of technical judgement, innovation and execution to tackle open-ended problems that require difficult prioritization, defining both the what and how of things to be done.
Collaborative Reach
Organizational reach and extent of influence
- I exercise judgment that favors the priorities of the wider security org rather than favoring locally optimal outcomes.
- I Influence the business and technology direction. I align teams and orgs towards simple, coherent security goals.
Impact Levers
Technical levers typically exercised to achieve business impact
- I demonstrate a high level of depth in a particular platform or product category that brings unique business value.
- I excel at defining the vision for and delivering large business-impacting projects with multiple constraints.
- I increasingly influence product decisions/scope and determine the right technical tradeoffs to deliver customer value quickly.
- I lead by example, I serve as a role model for other Dropbox security engineers, and teach all aspects of Security Craft.
- I deliver with complete independence.
- I work on significantly large or endemic security problems and projects.
- I adapt to fill both technical and organizational gaps across the security organization, sometimes assuming roles that are not clearly scoped as Security Engineering or IC.
- I use my expertise to affect system security and how the organization operates, partnering with TLs and leads to drive the organization towards higher degrees of maturity, effectiveness, and excellence.
🏆 Results
Impact
-
I identify and execute on opportunities that have area/group-wide impact
-
I execute large projects to a very high standard — e.g. against a tight deadline with significant consequences of failure, or in a manner that allows rapid learning to clarify significant ambiguity, or to a standard of quality well exceeding that of the current system (though not all simultaneously)
- I know which levers to pull to drive meaningful results and understand the wider, cross-functional implications of my work. I proactively account for risks and monitor their likelihood. My project planning accounts for new capabilities necessary to deliver large-scale business impact and I work closely with partner teams to prioritize the development of these capabilities.
- I proactively identify and help to refocus my team's efforts when projects are off-course or not technically feasible and results aren’t moving the needle for our business/team goals or serving the needs of customers in a meaningful way
Ownership
- I have a sense of responsibility and obligation to act on opportunities I see across the engineering org/company
Decision Making
- I have a holistic view of the engineering org and Dropbox’s goals and use my experience and judgment to make decisions optimized for the wider org, rather than my local project alone
- I act thoughtfully and decisively in critical situations even when making challenging or unpopular decisions
- I'm able to reach the right decision despite conflicting perspectives
🌟 Direction
Agility
- When necessary, I am able to introduce change into the organization, help others understand the business case for change, and create excitement to drive adoption of the change
Innovation
-
I push boundaries to generate and implement breakthrough ideas that aim to create new products or advance existing products and drive our tools forward
-
I create an environment supporting experimentation and iteration towards audacious goals.
Strategy
-
I define a long-term vision for my team that factors in company-wide priorities as well as the technical limitations and possibilities of Dropbox’s software and systems. I inspire my team and cross-discipline stakeholders to work toward that vision
-
I anticipate challenges and am able to influence the technical direction of the team or org to execute on that vision even in the face of potential significant misalignment
🌳 Talent
Personal Growth
Hiring
- I am an active participant in the hiring process for senior candidates (for example, by participating in hiring committee, debriefs, etc.)
- I gain the trust of candidates and can represent Dropbox's mission, strategy, and culture throughout the interview process
- I am an effective partner to my manager and am able to represent my team’s technical challenges to candidates in an exciting way (e.g. 1:1 sell chats, blog posts, public speaking)
Talent Development
- I am a role model for other Dropboxers and model a standard of excellence that supports a culture of high performance on my team
- I invest time to coach and mentor my teammates (particularly ones looking to grow into L4/L5). I take into account their skills, backgrounds, working styles and solicit and provide thoughtful, constructive feedback to them.
- I devote time to spreading my knowledge widely via talks, blog posts or written documentation
- I participate in SPRiTEs calibration sessions by providing meaningful feedback to ensure fair and consistent decisions
🌈 Culture
Collaboration
-
I help break down silos within and across functions and influence others to reach the best outcome for Dropbox
-
I build deep cross-functional relationships, facilitate the right conversations, and settle disagreements by managing different viewpoints
- I disagree and commit when necessary to move critical priorities forward
Organizational Health
- I act as a partner to managers in setting the cultural tone for the team. I create an inclusive environment for others and ensure diverse perspectives are included
- Working with my manager, I leverage the strengths & skills of the members of my team, and help identify talent gaps required for team success
- I personify Dropbox's culture and values. I champion community building efforts and inclusion initiatives. I work in close partnership with the management team to ensure a healthy engineering org.
- I lead by example. I am aware of my public presence and actions and my influence on the people around me and Dropbox’s culture
Communication
- I tailor my message to my audience, presenting it clearly and concisely at the right altitude
- I fine tune my approach to getting buy-in and influencing stakeholders across a variety of audiences
🦉 Craft
I am a trusted part of the technical leadership of the security organization. I have the versatility to take on a wide variety of projects, incidents, and roles characterized by high complexity, broad scope, and high impact. I am a crucial influencer in the security strategy. I bring business, technical, and industry context to security solutions. I am a hands-on technical leader. I identify endemic security problems, define technologies, and architectures to mitigate them. I set the standard for excellence in the security organization and mitigate security risks and threats with innovative concepts. I mentor emerging leaders and consistently role model the leadership behaviors that are expected. My solutions are robust, resistant to erosion, and secure by default. I work with cross-functional partners to discover novel solutions to business problems.
Security Execution
- My work demonstrates broad and deep security domain expertise, and I successfully apply it across technology domains (e.g. software, networking, risk management, operating systems, etc) to realize cross-functional security objectives and drive the maturity of the security team overall.
- I independently and proactively identify areas of security risk and future needs, reach out to the relevant teams, collaboratively design solutions to that risk, and successfully implement them in a sustainable way that “permanently” reduces risk across entire classes of threats.
- I design, deliver, and drive solutions for significantly complex security and risk problems across dropbox organizations.
- I split my time in different areas such as, security solution design, and/or security architecture, based on where my skills have the greatest impact (or in response to a security problem).
- I deliver solutions that are resistant to erosion of security controls over time and integrate ongoing testing strategies as part of the foundational design
- I own the response to extraordinary or otherwise sensitive security incidents.
- I adapt my role to the needs of an initiative, the security team, or a cross-functional partner team over time.
- I understand that technology, threats, and responses evolve, and drive that evolution to create opportunity to improve security across Dropbox.
- I motivate security controls that simplify, optimize, and prevent bottlenecks.
Technology Fluency
- The expectations for technology fluency do not go up beyond L4 (though some specialist engineers may go deep in one or more areas)
Threat Fluency
- I have a deep understanding of attacker tools, techniques, and processes (TTPs) and an extensive array of defenses/mitigations for them.
- I am deeply aware of the kinds of defenses and their efficacy at mitigating attacks relevant to Dropbox Security.