It's an amazing time to be working at Box. We are a big enough company to have the ability to execute large-scale deliverables and just small enough that you can play an important role in that delivery. With millions of users on our platform, we have an opportunity to ship products that will change the way that people work. Box is expanding its next generation security program for the cloud, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking an application security generalist to join our team with a heavy focus on architecture/design review, security outreach, and penetration testing.
Why the team needs you
Box is a recognized leader in the cloud security space. We understand that security is an ever-evolving landscape of vulnerabilities, new techniques, and best practices, so we're doubling down our efforts. We're in search for a security engineer who thinks like an attacker, executes organized red team attacks against Box and partners with Security, Product, IT and Engineering teams and help fix the problems identified.
Why you need Box
Box is growing fast. Real fast. Every business in the world is looking to modernize the way that they work. As the leader in cloud content management, Box is the only company that can help enterprises transform how people work together.
The security team is positioned well within the company to execute quickly and against things that matter. We have executive support and you will have the ability to influence the security posture of our infrastructure and products.
Who you are
You have extensive experience in the enterprise application security space, and have been involved in all aspects of securing a product. You are comfortable performing penetration testing at the app level, reviewing the design of an application for architectural flaws, and leading discussions with other organizations to improve the security posture. You have knowledge with common threat modeling approaches and enterprise attack surfaces. You are comfortable driving a project/program/issue end to end autonomously.
Perform architectural review of product designs to identify security risks, and provide recommendations to make our products more secure.
Perform application level penetration testing against our products.
Research security frameworks, tools, and improvements we can use to strengthen our platform.
Perform secure code reviews
Consult with development teams to improve security posture, and processes.
Enhance our security controls within the build pipeline & releases