Dropbox Engineering Career Framework
IC6 Principal Security Engineer
I lead the definition, design, architecture quality, implementation, and delivery of the most advanced, most challenging, most cross-cutting, and/or most ambiguous challenges in Security, spanning across other organizations and that have a significant impact on Dropbox
Area of ownership and level of autonomy / ambiguity
Collaborative Reach
Organizational reach and extent of influence
Impact Levers
Technical levers typically exercised to achieve business impact
  • I own and deliver org/company-wide multi-year, multi-team goals
  • I take a multi-year, industry-leading perspective, ensuring that our products are secure, adapt to scale, usage, and/or business needs well beyond Dropbox’s current scope. I anticipate threats and prepare for them.
  • I work with the leadership within my organization and in related organizations to develop a long term security and technical strategy. 
  • I map business goals to appropriate security investments.
  • I typically influence the technical strategy of an entire group. I am often partnering closely with Directors/senior EPD leadership to ensure the health of EPD as a whole and influence the overall direction of EPD
  • I transcend organizational boundaries and proactively identify the best ways to leverage myself.
  • I exert influence over multiple teams increasing their productivity and effectiveness. I am accountable for the quality of the systems and/or solutions delivered. 
  • I own articulating the priority of work items to maintain existing systems as well as deliver new security features to protect Dropbox’s customers. 
  • I hold peers and teams to a high bar.
  • I demonstrate a high level of depth in a particular platform or product category that brings unique business value.
  • I align the technical strategy for several projects in my group to broader initiatives across EPD.
  • I consistently influence product decisions/scope and determine the right technical tradeoffs to deliver customer value quickly with high quality.
  • I partner with cross-functional stakeholders to identify major new business opportunities unlocked by technical capabilities.
  • I lead by example. I am a role model for company ownership. I recognize problems outside my area and pro-actively drive resolution.
  • Amongst my peer group I am considered “one of the best” at what I do. I help focus company leaders and decision makers on important technology and security trends, tools, and/or strategies.

trophy Results

Key Behaviors
  • I identify and execute on significant group/company-wide opportunities by understanding how technical capabilities meet customer needs. I proactively work with business owners to help them understand these new capabilities and work with them to build the right roadmap for the business.
  • I execute large projects to a very high standard — e.g. against a tight deadline with significant consequences of failure, or in a manner that allows rapid learning to clarify significant ambiguity, or to a standard of quality well exceeding that of the current system (though not all simultaneously)
  • I proactively identify and help to refocus my team's efforts when projects are off-course or not technically feasible and results aren’t moving the needle for our business/team goals or serving the needs of customers in a meaningful way
  • I know which levers to pull to drive meaningful results and understand the wider, cross-functional implications of my work
  • I have a sense of responsibility and obligation to act on opportunities I see across the engineering org/company
  • I transcend organizational boundaries by taking a holistic view of my group’s goals and taking responsibility across my group, not just within my immediate scope of ownership.
Decision Making
  • I act thoughtfully and decisively in critical situations even when making challenging or unpopular decisions
  • I'm able to reach the right decision despite conflicting perspectives

glowing star Direction

Key Behaviors
  • When necessary, I am able to introduce change into the organization, help others understand the business case for change, and create excitement to drive adoption of the change 
  • I push boundaries to generate and implement breakthrough ideas that aim to drive our products and tools forward 
  • I demonstrate creativity, e.g. by finding simple, generalizable solutions that open up or unblock new technical or business opportunities in unexpected ways.
  • I create an environment supporting experimentation and iteration
  • I  partner with Directors and other members of senior EPD leadership to define a long-term vision for my group that factors in both a deep understanding of what is happening in the business and in the market as well as the technical limitations and possibilities of Dropbox’s software and systems.
  • I anticipate challenges and am able to influence the technical direction of the team or org to execute on that vision even in the face of significant misalignment

deciduous tree Talent

Key Behaviors
Personal Growth
  • I proactively ask for feedback from those I work with and identify ways to act upon it
  • I have self-awareness about my strengths and areas for development
  • I drive discussions with my manager about aspirational goals and seek out opportunities to learn and grow
  • I am an active participant in the hiring process for senior candidates (for example, by participating in hiring committee, debriefs etc)
  • I attract talent for a variety of roles with diversity in mind 
  • I gain the trust of candidates and can represent Dropbox's mission, strategy, and culture throughout the interview process
  • I am an effective partner to my manager and  am able to represent my team’s technical challenges to candidates in an exciting way (e.g. 1:1 selling, blog posts, public speaking)
Talent Development
  • I model a standard of excellence that supports a culture of high performance on my team. I drive EPD-wide processes and define the bar for engineering-wide quality and best practices.
  • I invest time to coach and mentor my teammates (particularly ones looking to grow into L5/L6). I take into account their skills, backgrounds, working styles and solicit and provide thoughtful, constructive feedback to them.
  • I devote time to spreading my knowledge widely via talks, blog posts or written documentation.
  • I participate in SPRiTEs calibration sessions by providing meaningful feedback to ensure fair and consistent decisions

rainbow Culture

Key Behaviors
  • I help break down silos within and across functions and influence others to reach the best outcome for Dropbox
  • I build deep cross-functional relationships, facilitate the right conversations, and settle disagreements by managing different viewpoints
  • I disagree and commit when necessary to move critical priorities forward
Organizational Health
  • I act as a partner to managers in setting the cultural tone for the org. I create an inclusive environment for others and ensure diverse perspectives are included
  • Working with my manager, I leverage the strengths & skills of the members of my team, and help identify talent gaps required for team success
  • I personify Dropbox's culture and values. I champion community building efforts and inclusion initiatives. I work in close partnership with senior EPD leadership to ensure a healthy engineering org. 
  • I lead by example. I am aware of my public presence and actions and my influence on the people around me and Dropbox’s culture.
  • I develop compelling messages and effectively present them at the executive level
  • I fine tune my approach to getting buy-in and influencing stakeholders across a variety of audiences 

owl Craft

I am a trusted part of the organization's leadership, serving as a technical advisor to its leadership. I am a crucial influencer in planning strategy, helping to set security objectives with a bottom-line impact and/or yield a competitive advantage for the business.
I tackle the most challenging problems, aligning teams, organizations, and architectures to a coherent vision. I design systems far from my previous experience, anticipating scale and scope beyond Dropbox's current requirements or unexplored areas. I set the standard for security excellence and technology leadership. I amplify my impact by educating the broader security community, keeping them up to date on advanced security issues, technologies, and trends. I partner with cross-functional stakeholders to identify significant new business opportunities unlocked by technical capabilities.
Key Behaviors
Security Execution
  • I guide teams to iterate towards solutions where a significant portion of the challenge is designing an appropriately staged validation plan.
  • I create, influence and participate in programs that work to overcome our security weaknesses.
  • I relentlessly drive awareness about the impact and consequences that technology, architecture and security decisions may have on our business and customers.
  • I combine my unique technical and security expertise and experience to drive fruitful, potentially even game-changing choices that benefit the business, Dropbox’s customers, and our technologies.
  • I take a multi-year, industry-leading perspective around security concerns; ensuring they adapt to scale, usage, and/or business needs well beyond Dropbox’s current scope.
  • I know when to apply an incremental approach. I know when to pull back and recommend major refactor/re-architecture efforts (in order to speed up later). 
  • Teams under my direction are focused and deliver effectively.
  • I guide teams to iterate towards strategies and solutions that take into account organizational realities, process and documentation so they are resilient to erosion over multiple years of operations
  • I help guide the career growth of others across the company, by actively mentoring, performing promotion assessments and participating in performance discussions.
  • The programs that I build are structured to measure success in a manner that efficiently furthers security objectives; I recognize and replace ineffective metrics and incentive structures
  • I am a recognized leader in information security inside and outside of Dropbox.
  • I understand that technology, threats, and responses evolve, and drive that evolution  to improve security across the industry.
  • I am recognized as expressing some combination of security and technical breadth or depth in the scope of my work, the degree varying due to my unique experience, expertise, or in response to job requirements. 
  • I split my time based on where my skills will have the greatest impact.
Technology Fluency
The expectations for technology fluency do not go up beyond L4 (though some specialist engineers may go deep in one or more areas)
Threat Fluency
The expectations for threat fluency do not go up beyond L5 (though some specialist engineers may go deep in one or more areas)