HelloSign Security Engineer

San Francisco, CA

Company Description

Dropbox is the world’s first smart workspace that helps people and teams focus on the work that matters. With more than 600 million registered users across 180 countries, we’re on a mission to design a more enlightened way of working. Dropbox is headquartered in San Francisco, CA, and has 12 offices around the world.

Team Description

Our Engineering team is working to simplify the way people work together. They’re building a family of products that handle over a billion files a day for people around the world. With our broad mission and massive scale, there are countless opportunities to make an impact.

Role Description

If you love to hack and live to stamp out security threats with your scripting & security engineering skills, we want to hear from you!  

At HelloSign, our vision is Frictionless Agreements.  We envision a world where people never need to print, sign & scan documents ever again. Agreements are filled out and signed without any friction. 

We are looking for hands-on individual with a white hat hacker mindset to join us in a Security Engineer Role. This position will be a part of the HelloSign information security team and will work directly with the HelloSign engineering and devops teams. You will work with the team in developing and deploying security tools and technologies to protect the HelloSign eSignature platform and backend infrastructure.  Additionally, you will be able to work with the team to perform static and dynamic code analysis as well as perform threat modeling.

Responsibilities

  • Perform vulnerability assessments of the HelloSign production platform and provide recommendations for identified vulnerabilities.
  • Review security alerts and reports on a daily basis and work closely with the DevOps team in any follow up investigation or remediation.
  • Triage all issues reported by external researchers via the bug bounty program at HelloSign and work with the developers for timely remediation of the reported issues.
  • Tune the logging infrastructure on an ongoing basis to surface true positives.
  • Perform security assessments on all existing and any new HelloSign 3rd Party Vendors.
  • Review the current and upcoming infrastructure stack from a security perspective and provide recommendations for hardening the stack.
  • Automate security controls using scripting to the extent that it requires minimal human interaction.
  • Participate in 24x7 on call rotation for security related events.

Requirements

  • 2+ years in a security engineering or operations role
  • BS in Computer Science or a related technical field.
  • Information security related experience with Amazon AWS 
  • In depth understanding of Linux/UNIX based systems 
  • expertise with log management tools e.g. ELK, Splunk, SumoLogic, ArcSight
  • experience in using scripting languages e.g. PHP, Python, Ruby, Node JS to automate tasks and manipulate data
  • Experience with Vulnerability Scanning tools e.g. Qualys, Nessus etc.
  • experience working with compliance standards e.g. PCI, SOC 2, HIPAA, ISO 27001, FedRAMP
  • Solid comprehension of packet analysis and demonstrated ability troubleshooting incidents using security tools such as Wireshark, tcpdump, nmap, SIEM (log analysis), and IDS/IPS.
  • A good understanding Owasp Top 10
  • Experience in building and implementing information security related policies, processes, standards and procedures
  • Demonstrated ability to show initiative to drive progress and improvement 
  • Ability to handle multiple tasks, prioritize and meet deadlines
  • Ability to maintain confidentiality of sensitive customer data
  • Certifications like OSCP, CISSP, RHCE are a plus

Benefits and Perks

  • 100% company paid individual medical, dental, & vision insurance coverage
  • 401k + company match
  • Market competitive total compensation package
  • Free Dropbox space for your friends and family
  • Wellness Reimbursement
  • Generous vacation policy
  • 10 company paid holidays
  • Volunteer time off
  • Company sponsored tech talks (technology and other relevant professional topics)

About HelloSign, A Dropbox Company:

We believe that the way business gets done today is broken. That’s why we’re dedicated to simplifying work for everyone - from small startups to large enterprise companies. Millions of individuals and over 80,000 companies world-wide trust the HelloSign platform – which includes eSignature, digital workflow and eFax solutions – to automate and manage their most important business transactions.

With a sharp focus on user experience and a lust for innovation, HelloSign is on a mission to Simplify Work.

Life at HelloSign:

Our HQ office is located in San Francisco Mission Bay near the UCSF Medical Center and we have a number of team members distributed across the US! Just over 150 employees, we are growing the company deliberately, with a keen eye towards maintaining a culture that values lifestyle, fun and continuous improvement. We were awarded the Hirepalooza Culture Award for Lifestyle in 2015 and the Healthy Mothers Workplace Bronze Award in 2016 and 2017. In 2018, we won SF Business Times' Best Places to Work Award for Small Employers. We continue to maintain an overwhelmingly positive presence on Glassdoor and The Muse.

We have raving fans who love what we make

  • We're user-focused and product-driven
  • We're always evolving with an eye towards improvement
  • We're committed to building a product people want
  • We thrive on collaboration and learning from each other
  • We have a supportive, familial atmosphere
  • We work in an open, airy, creative space
  • We laugh a lot
  • And we'll never forget your birthday!
Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is our support for members and allies of internal groups like Asians at Dropbox, BlackDropboxers, Latinx, Pridebox (LGBTQ), Vets at Dropbox, Women at Dropbox, ATX Diversity (based in Austin, Texas) and the Dropbox Empowerment Network (based in Dublin, Ireland).

Other open positions