WHAT IS BOX?
Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.
By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.
WHY BOX NEEDS YOU
It's an amazing time to be working at Box. With millions of users on our platform, we have an opportunity to ship products that will change the way that people work. Box is expanding its next generation security program for the cloud, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking a security professional with Product Security acumen with primary focus on Secure Software Development Life Cycle initiatives.
WHAT YOU'LL DO
- Perform architectural review of product designs to perform a threat analysis, identify security risks, and provide recommendations to make our products secure and resilient
- Deliver Threat Models in collaboration with engineering teams, enumerating potential attack scenarios.
- Review of source code for secure coding best practices
- Incorporate secure code tools, technologies and processes in build pipelines and work with Director of Product Security on establishment of secure development practices
- Ability to automate using Python, Java or other languages
- Web / Mobile Application Penetration Testing
- Working with engineering teams to prioritize security concerns, fix security risks, and provide mitigation recommendations
- Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
- Provide perspective on trends, recommendations, and best practices for customer success
- Owns or co-owns team level projects; executes with minimal guidance
- Influence across teams with similar function (i.e. identifying and coordinating dependencies)
WHO YOU ARE
You have extensive experience in the product security space, have personally identified and remediated security flaws/concerns, have performed attack/threat modeling, and have lead pen-testing efforts. You are comfortable working on cross vertical initiatives, providing security requirements, and working with engineering to remediate and raise valid issues.
- Degree in Computer Engineering, Computer Science, or a related field
- 5+ Years Experience in the security field with a focus on securing products and applications
- Expertise on OWASP Top 10, Securing Microservices, Rest API, OAUTH, SAML, Securing SaaS solutions, CI/CD build eco systems
- Familiarity with one or more programming languages, AWS/GCP cloud infrastructure services
- Comfortable performing architecture, design reviews, threat modeling for security posture and risk assessment
- You enjoy the challenge of a penetration test
- Excellent problem solving skills
- Excellent written and verbal communication skills
Nice to haves:
- Cybersecurity-related certification(s), including CCSP, CISSP, OSCP, OSWE, CEH, GPEN is a plus
- Expertise on Container Security
- Experience and understanding of Cloud orchestration technologies like Kubernetes, Microservices, Docker
- Proven track record of finding zero days/CVEs
- Strong understanding of past, current, and emerging security exploits
Percentage of Time Spent:
- 10% Coding
- 10% Documentation
- 25% Penetration Testing
- 10% Meetings
- 25% Secure By Design / Threat Modeling
- 20% Project
- Agile management - Scrum
- Issue tracking tool - Jira
- Knowledge repository - GitHub Enterprise, Confluence
- Code reviews - GitHub Enterprise
- Version control system - GIT
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
For details on how we protect your information when you apply, please see our .
For more details on how Box Poland protects your information, please see our .