Box is growing its Security Engineering team, and we encourage you to contact us about joining the team! We're seeking people who are passionate about growing and improving our core security services & capabilities, and helping us keep Box and Box customers secure. We hope you are interested in or have previous experience with the concepts behind most of the core components of this team's responsibilities. Please keep in mind that the degree of depth and breadth we're looking for depends upon the role you're interested in. If you feel that you're qualified in one or more of these areas, and are interested in learning the rest of them, please contact us!
The team is responsible for designing and implementing key security controls and monitoring technologies, providing architectural design input for company-wide internal and external projects that are both technical and non-technical, providing guidance for major initiatives involving Box technologies and infrastructure, making discrete and gestalt information risk decisions, and administering key components in support of all other responsibilities.
This team is focused on the technical areas that support Security efforts at Box. You will, depending on role, focus on one or more of them. You can expect to learn about ALL of them as you spend time on this team:
- Making Defensible and Repeatable Risk Decisions
- Secure Network Design
- Virtualization Technologies (from Containers to Bare Metal)
- Authentication and Authorization
- Threat Modeling
- Design Patterns, Repeatable Guidance, and Occasional Policy
- Cryptography and Secrets Management
- Network and Host Monitoring
- Linux, OSX, and Windows System Administration and Hardening
- Development and Deployment Pipelines
- Process Development and Support
- Defining Reference security architectures for public cloud stacks, network and data flows and others.
You'll also get to learn about supporting compliance, legal, and internal infrastructure efforts as we are often subject matter experts for them. You'll get to work with a wide variety of partners and customers on a team that values input and learning.
Why the team needs you
We need a senior engineer to assist with making sound, repeatable decisions, and implementing those ideas via policy, technology, and educational engagement with partner teams at Box. In addition, we need you to help the team better understand your areas of expertise and interest, and to share your knowledge in a collaborative environment that focuses on enabling the team to share their unique skills and perspectives.
Why Box needs you
Box needs motivated, considerate engineers who help us balance the concerns of security and organizational growth as we strive to be leaders in the content collaboration marketplace.
Why you need Box
You're going to have the opportunity to drive organization level change and impact via the implementation of security tools, review of design and architectural documentation, remediation of infrastructure vulnerabilities, and educational outreach to other teams. You'll also get the chance to participate across organizational groups and help drive appropriate security prioritization in conjunction with other teams.
Who you are
- Experience reviewing architecture & design documentation to provide security requirements
- You have experience writing reference architectures for complex, multi-cloud, hybrid environments
- You can assess risks with appropriate balance of security, usability, and business needs
- You can identify and address root causes via the symptoms of failure
- You can identify owners and drive remediation of critical technical & security concerns
- Experience with security configurations for operating systems
- You enjoy mentoring in formal or informal settings
- 10+ years of experience