This is a remote position.
Security & Endpoint Engineer (5–8 Years)
Role Overview
We are seeking an experienced Security & Endpoint Engineer Contractor to support strategic
security initiatives across Dropbox’s endpoint environment.
This role will initially focus on implementing enterprise-wide browser and extension security
controls, including visibility, governance, allowlisting, risk assessment, and enforcement
capabilities for browser extensions, developer plugins, and AI-enabled tools.
The contractor will partner closely with Security, CorpFleet, Identity, and Infrastructure teams to
evaluate, deploy, and operationalize security tooling that reduces client-side risk and
strengthens Dropbox’s security posture.
Initial Project Focus
Client-Side Extension Security & Execution Control
Key responsibilities include:
• Evaluate and perform proof-of-concept testing for browser extension security platforms.
• Assess browser extensions, developer plugins, and AI-enabled tools for security and compliance risk.
• Define extension governance, approval workflows, and allowlisting processes.
• Implement monitoring, reporting, and visibility capabilities.
• Support enforcement controls to prevent unauthorized extension usage and reduce data exfiltration risk.
• Develop operational processes, documentation, and support models for ongoing management.
Following the initial project, the contractor will support additional security initiatives across
endpoint management, Privileged Access Management (PAM), device hardening, endpoint
compliance, and Zero Trust programs.
Key Responsibilities
Endpoint Security & Hardening
• Support enterprise endpoint security initiatives across macOS, Windows & Linux.
• Implement and maintain endpoint security controls and hardening standards.
• Assist with vulnerability remediation and endpoint compliance activities.
• Support Zero Trust and device trust initiatives.
• Partner with endpoint engineering teams to balance security requirements with user experience.
Privileged Access Management
• Support implementation and operational management of PAM solutions such as Delinea.
• Assist with privileged account governance, access reviews, and least-privilege initiatives.
• Partner with Security and Identity teams to strengthen administrative access controls.
Security Operations & Compliance
• Participate in security assessments, audits, and compliance programs.
• Produce operational documentation, runbooks, and implementation guides.
• Track remediation activities, risk exceptions, and security metrics.
• Support audit readiness and evidence collection activities.
Automation & Tooling
• Develop automation and scripts to improve security operations and reduce manual effort.
• Integrate security tools with enterprise platforms and workflows.
• Build dashboards and reporting capabilities to improve visibility and operational effectiveness.
Cross-Functional Collaboration
• Work closely with Security, CorpFleet, Infrastructure, and Identity teams.
• Participate in vendor evaluations, proof-of-concepts, and implementation planning.
• Present technical recommendations, findings, and project status updates to stakeholders.
Required Skills & Experience
• 5–8 years of experience in Security Engineering, Endpoint Engineering, Systems Engineering, or a related field.
• Strong understanding of endpoint security principles and enterprise device management.
• Experience supporting macOS and Windows environments at scale.
• Experience with browser security, extension governance, and endpoint security tooling.
• Experience with endpoint management tools such as Jamf, Intune, FleetDM, or similar.
• Understanding of Zero Trust security principles and least-privilege access models.
• Strong scripting skills using Python, PowerShell, Bash, or similar technologies.
• Excellent troubleshooting, analytical, and problem-solving skills.
• Strong written and verbal communication skills.
Preferred Qualifications
• Experience with browser extension security platforms such as KOI Security, LayerX, SQRX, or similar solutions.
• Experience with Privileged Access Management platforms such as Delinea, CyberArk, or BeyondTrust.
• Experience with endpoint security platforms such as CrowdStrike, Microsoft Defender, or SentinelOne.
• Familiarity with enterprise security technologies including Okta, Zscaler, and Microsoft Security solutions.
• Experience supporting SOC 2, ISO 27001, NIST, or similar security frameworks.
• Understanding of AI security risks, browser-based AI tools, and governance controls.
Success Measures
During the initial engagement, success will be measured by:
• Successful evaluation and recommendation of browser extension security tooling.
• Deployment and operationalization of approved extension security controls.
• Improved visibility into browser extension usage across the environment.
• Implementation of governance, allowlisting, and enforcement processes.
• Contribution to broader endpoint security and PAM initiatives.
• Creation of sustainable documentation, runbooks, and operational procedures.