Staff Offensive Security Engineer

Austin, TX or Remote

Full Time
Box logo
Box
Apply now Apply later

Posted 2 weeks ago

WHAT IS BOX?  Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.    By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 98,000 businesses, including 69% of the Fortune 500 who trust Box to manage their content in the cloud.    WHY BOX NEEDS YOU 

Box is a recognized leader in the cloud security space. We understand that security is an ever-evolving landscape of vulnerabilities, new techniques, and best practices, so we're doubling down our efforts. We're in search for a staff offensive security engineer who thinks like an attacker, executes organized red team attacks against Box and our partners with Security, Product, IT and Engineering teams and help support fixing the issues identified.

Open to Austin, TX or US Remote   WHAT YOU'LL DO 
  • Plan and lead red team exercise operations against the corporation for the purpose of training incident response teams
  • Plan and lead purple teaming exercises in collaboration with Incident response teams.
  • Network and host penetration testing.
  • Develop tools and maintain red team's operational infrastructure.
  • Tracking and researching the latest attacks and how they might apply to our environments.
  • Document and present results to a variety of target audiences, ranging from highly technical engineers over to non-technical subject matter experts to senior leadership.
  • Develop the red team roadmap and drive the direction for the red team program as a whole 
    WHO YOU ARE 
  • Formal education in information security, including undergraduate, graduate, or training certifications (OSCP, OSCE, SANS, etc)
  • 5+ years of offensive security responsibilities
  • 2+ years of non-consulting offensive security responsibilities
  • 2+ years of experience in informations security, network security, systems security, IT or software engineering roles
  • Preferred Skills
    • Extensive offensive security knowledge and penetration testing experience in numerous areas including web applications, networks, and infrastructure (cloud and on-prem). 
    • Experience performing reconnaissance, exploitation and privilege escalation aimed at compromising networks/applications/individuals. 
    • Knowledge with common threat modeling approaches and enterprise attack surfaces. 
    • Comfortable scripting, writing tools and malware to automate repeatable tasks.
    • Previous experience in leading or managing offensive security engagements (red team/ethical hacking). 
BENEFITS   EQUAL OPPORTUNITY We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.   For details on how we protect your information when you apply, please see our Personnel Privacy Notice.
Job tags: Ethical hacking Incident response Malware Network security Offensive Security OSCE OSCP Penetration testing Red team SANS Vulnerabilities