[Remote] Senior Infrastructure Security Engineer
Note: This is a remote position open to candidates in the USA. Dropbox is a company focused on simplifying the way people work together through innovative cloud-based solutions. The Senior Infrastructure Security Engineer will safeguard Dropbox's digital ecosystem by designing and implementing security controls for AI and agentic infrastructure, while collaborating with cross-functional teams to enhance security posture.
Responsibilities
- Design, deploy, and operate security controls for Dropbox’s AI and agentic infrastructure, including model gateways, inference services, vector stores, retrieval systems, and supporting cloud and Kubernetes platforms
- Implement least-privilege and secure-execution patterns for AI agents, including per-tool authorization, sandboxing, human-in-the-loop approvals for high-impact actions, and separation of policy validation from execution
- Lead security implementation for AI tool and agent connectivity layers, including MCP gateway deployments, with controls for OAuth-based authorization, scope minimization, token audience validation, origin validation, replay protection, and secure isolation between trusted and untrusted tool domains
- Deploy, build, and/or operate security infrastructure solutions to help scale and raise the security bar for Dropbox’s on-prem and cloud infrastructure
- Automate security controls using scripting to eliminate redundant work and minimize the need for human involvement
- Collaborate with cross-functional teams and lead security initiatives to influence product decisions and enhance security posture
Skills
- 9+ years of security experience or related industry experience, demonstrating impactful contributions to security strategies
- Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience, with coding proficiency
- Experience securing LLM, RAG, or agentic AI systems in production, with hands-on implementation of controls for prompt injection, sensitive-data disclosure, excessive agency, data or model poisoning, and AI supply-chain risk
- Experience designing identity and authorization for non-human workloads and agents using technologies such as SPIFFE/SPIRE, OAuth 2.1 or OIDC, AWS IRSA, Google Workload Identity Federation, Azure managed identities, or equivalent patterns
- Integrate adversarial testing and release gates for AI systems into CI/CD, including regression coverage for prompt injection, tool abuse, memory poisoning, approval bypass, and multi-agent escalation scenarios
- Solid knowledge of Linux fundamentals including system administration, security, networking, scripting, and troubleshooting
- Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems, e.g. Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, Java
- Experience securing MCP-based systems or similar AI agent and tool protocols
- Experience with multi-agent security controls such as trust boundaries, signed inter-agent messaging, and circuit breakers
- Familiarity with NIST AI RMF, NIST SP 800-218A, MITRE ATLAS, CSA AICM, and OWASP LLM and agentic security guidance
- Experience with security tools such as Teleport, CrowdStrike, Proofpoint, IPS/IDS, SIEM or SOAR
- Certifications such as CISSP, CISM, or equivalent