It's an amazing time to be working at Box. We are a big enough company to have the ability to execute large-scale deliverables. And just small enough that you can play an important role in that delivery. With millions of users on our platform, we have an opportunity to ship products that will change the way that people work. Box is expanding its next generation security program for the cloud, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking an offensive security engineer who has significant experience in penetration testing and is passionate about breaking all the things and helping fix the problems found!
Why the team needs you
Box is a recognized leader in the cloud security space. We understand that security is an ever-evolving landscape of vulnerabilities, new techniques, and best practices, so we're doubling down our efforts. We're in search for a security engineer who thinks like an attacker, executes organized red team attacks against Box and partners with Security, Product, IT and Engineering teams and help fix the problems identified.
Why you need Box
Box is growing fast. Real fast. Every business in the world is looking to modernize the way that they work. As the leader in cloud content management, Box is the only company that can help enterprises transform how people work together.
The security team is positioned well within the company to execute quickly and against things that matter. We have executive support and you will have the ability to influence the security posture of our infrastructure and products.
Who You Are
You have offensive security knowledge and penetration testing experience in numerous areas including web applications, networks, and infrastructure (cloud and on-prem). You have experience performing reconnaissance, exploitation and privilege escalation aimed at compromising networks/applications/individuals. You have knowledge with common threat modeling approaches and enterprise attack surfaces. You are comfortable scripting and writing tools to automate repeatable tasks.
- Run red team assessments against Box production and corporate networks.
- Participate in purple teaming exercises in collaboration with Incident Response teams.
- Performing network and host penetration testing.
- Develop and maintain red team's operational environments.
- Tracking and researching the latest attacks and how they might apply to our environments.
- Assist the application security team in performing security testing against our products as they are being developed.
- Partner and collaborate with engineering, product and corporate IT teams to drive remediation efforts.
- Develop new tooling (or automate current tooling) to allow more effective offensive security engagements