portal resources jobs companies b box staff/ senior product security engineer

Staff/ Senior Product Security Engineer


WHAT IS BOX? Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.  By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.  WHY BOX NEEDS YOU It's an amazing time to be working at Box. We are a big enough company to have the ability to execute large-scale deliverables and just small enough that you can play an important role in that delivery. With millions of users on our platform, we have an opportunity to ship products that will change the way that people work. Box is expanding its next generation security program for the cloud, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking a security professional with Product Security acumen with primary focus on Secure Development LifeCycle initiatives.  WHAT YOU'LL DO 
  • Perform architectural review of product designs to perform a threat analysis, identify security risks, and provide recommendations to make our products secure and resilient
  • Incorporate secure code tools, technologies and processes in build pipelines and work with Director of Product Security on establishment of secure development practices
  • Deliver Threat Models in collaboration with engineering teams, enumerating potential attack scenarios. 
  • Review of source code for for secure coding best practices
  • Uplift our security champions program within the development organizations
  • Ability to automate using python, java or other languages
  • Create improvements to uplift vulnerability management program 
  • Consult with development teams to improve security posture and processes.
  • Web / Mobile Application Penetration Testing to identify security vulnerabilities, risks & mitigations
  • Develop and implement novel and advanced security analysis techniques 
  • Working with engineering teams to prioritize security concerns, fix security risks, and provide mitigation recommendation
  • Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • You will use your technical expertise to advise Product Support & Sales regarding security risks and their mitigations
  • You are expected to provide perspective on trends, recommendations, and best practices for customer success 
 WHO YOU ARE You have extensive experience in the product  security space, have personally identified and remediated security flaws/concerns, have performed attack/threat modeling, and have lead pen testing efforts. You are comfortable working on cross vertical initiatives, providing security requirements, and working with engineering to remediate and raise valid issues.
  • Degree in Computer Engineering, Computer Science, or a related field
  • 6+ Years Experience in the security field with a focus on securing products and applications 
  • Expertise on OWASP Top 10, Threat Modeling, Securing Microservices, Rest API, OAUTH, SAML, Container Security, Securing SaaS solutions, CI / CD build eco systems
  • Familiarity with one or more programming languages, AWS/GCP cloud infrastructure services
  • Experience and understanding of Cloud orchestration technologies like Kubernetes,  Microservices, Docker
  • Performing architecture and design reviews for security posture assessment
  • Performing Web Application / Mobile Application penetration testing
  • Proven track record of finding zero days/CVEs 
  • Strong understanding of past, current, and emerging security exploits 
  • Knowledge of Threat modeling and other risk identification techniques
  • Cybersecurity-related certification(s), including CCSP, CISSP, OSCP, OSWE, CEH, GPEN is a plus 
  • Programming experience in the following but not limited to : C/C++, Java, Python, Go, Rust
  • Excellent problem solving skills 
  • Excellent written and verbal communication skills

BENEFITS 

  • Visit this webpage to check out all of our exciting benefits: https://join.collectivehealth.com/box [1]
EQUAL OPPORTUNITY We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. For details on how we protect your information when you apply, please see our Personnel Privacy Notice [2].

  1. https://join.collectivehealth.com/box?planYear=2020
  2. https://cloud.app.box.com/v/BoxPersonnelPrivacyNotice

Other jobs at Box

2 jobs in the last 60 days · 8 in total · avg 0.47 jobs/mo · 1092 job visits

Cloud Infrastructure Engineer, Shuttle

Cloud Infrastructure Engineer, Shuttle

WHAT IS BOX? Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for sec

this week
Staff/ Senior Product Security Engineer

Staff/ Senior Product Security Engineer

WHAT IS BOX? Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for sec

this week
Product Security Engineer II

Product Security Engineer II

WHAT IS BOX? Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for sec

3 months ago
Threat Detection Engineer

Threat Detection Engineer

WHAT IS BOX? Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for sec

5 months ago
Senior DevSecOps - Data Hardening

Senior DevSecOps - Data Hardening

WHAT IS BOX?   Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for s

5 months ago
Senior Product Designer

Senior Product Designer

Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content m

8 months ago
Technical Support Engineer

Technical Support Engineer

As part of a team that is revolutionizing how businesses share and manage content, the Technical Support Engineer is tasked with tackling...

10 months ago
Technical Support Engineer

Technical Support Engineer

As part of a team that is revolutionizing how businesses share and manage content, the Technical Support Engineer is tasked with tackling...

over a year ago
Box