Senior Infrastructure Security Engineer

Responsibilities

• Design, deploy, and operate security controls for Dropbox’s AI and agentic infrastructure, including model gateways, inference services, vector stores, retrieval systems, and supporting cloud and Kubernetes platforms.
• Implement least-privilege and secure-execution patterns for AI agents, including per-tool authorization, sandboxing, human-in-the-loop approvals for high-impact actions, and separation of policy validation from execution.
• Lead security implementation for AI tool and agent connectivity layers, including MCP gateway deployments, with controls for OAuth-based authorization, scope minimization, token audience validation, origin validation, replay protection, and secure isolation between trusted and untrusted tool domains.
• Deploy, build, and/or operate security infrastructure solutions to help scale and raise the security bar for Dropbox’s on-prem and cloud infrastructure.
• Automate security controls using scripting to eliminate redundant work and minimize need for human involvement.
• Collaborate with cross functional teams and lead security initiatives to influence product decisions and enhance security posture.

Requirements

• 9+ years of Security experience or related industry experience, demonstrating impactful contributions to security strategies.
• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience, with coding proficiency.
• Experience securing LLM, RAG, or agentic AI systems in production, with hands-on implementation of controls for prompt injection, sensitive-data disclosure, excessive agency, data or model poisoning, and AI supply-chain risk.
• Experience designing identity and authorization for non-human workloads and agents using technologies such as SPIFFE/SPIRE, OAuth 2.1 or OIDC, AWS IRSA, Google Workload Identity Federation, Azure managed identities, or equivalent patterns.
• Integrate adversarial testing and release gates for AI systems into CI/CD, including regression coverage for prompt injection, tool abuse, memory poisoning, approval bypass, and multi-agent escalation scenarios.
• Solid knowledge of Linux fundamentals including system administration, security, networking, scripting, and troubleshooting.
• Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems e.g. Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, Java.

Preferred Qualifications

• Experience securing MCP-based systems or similar AI agent and tool protocols.
• Experience with multi-agent security controls such as trust boundaries, signed inter-agent messaging, and circuit breakers.
• Familiarity with NIST AI RMF, NIST SP 800-218A, MITRE ATLAS, CSA AICM, and OWASP LLM and agentic security guidance.
• Experience with security tools such as Teleport, CrowdStrike, Proofpoint, IPS/IDS, SIEM or SOAR.
• Certifications such as CISSP, CISM, or equivalent.