Product Security Engineer II

US Remote

Full Time
Box logo
Box
Apply now Apply later

Posted 1 month ago

WHAT IS BOX?  Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.    By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.    WHY BOX NEEDS YOU  It's an amazing time to be working at Box. We are a big enough company to have the ability to execute large-scale deliverables and just small enough that you can play an important role in that delivery. With millions of users on our platform, we have an opportunity to ship products that will change the way that people work. Box is expanding its next generation security program for the cloud, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking a security professional with Product Security acumen with primary focus on Secure Development LifeCycle initiatives.    WHAT YOU'LL DO 
  • Perform architectural review of product designs to perform a threat analysis, identify security risks, and provide recommendations to make our products secure and resilient
  • Incorporate secure code tools, technologies and processes in build pipelines and work with Director of Product Security on establishment of secure development practices
  • Deliver Threat Models in collaboration with engineering teams, enumerating potential attack scenarios. 
  • Uplift our security champions program within the development organizations
  • Ability to automate using python, java or other languages
  • Create improvements to uplift vulnerability management program 
  • Consult with development teams to improve security posture and processes.
  • Web / Mobile Application Penetration Testing 
  • Develop and implement novel and advanced security analysis techniques 
  • Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • You will use your technical expertise to advise Product Support & Sales regarding security risks and their mitigations
  • You are expected to provide perspective on trends, recommendations, and best practices for customer success 
  WHO YOU ARE  You have extensive experience in the product  security space, have personally identified and remediated security flaws/concerns, have performed attack/threat modeling, and have lead pen testing efforts. You are comfortable working on cross vertical initiatives, providing security requirements, and working with engineering to remediate and raise valid issues.
  • Degree in Computer Engineering, Computer Science, or a related field
  • 8+ Years Experience in the security field with a focus on securing products and applications 
  • Expertise on OWASP Top 10, Threat Modeling, Securing Microservices, Rest API, OAUTH, SAML, Container Security, Securing SaaS solutions, CI / CD build eco systems
  • Familiarity with one or more programming languages, AWS/GCP cloud infrastructure services
  • Performing architecture and design reviews for security posture assessment
  • Performing Web Application / Mobile Application penetration testing
  • Working with engineering teams to prioritize security concerns, fix security risks, and provide mitigation recommendations

BENEFITS 

EQUAL OPPORTUNITY  We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.   For details on how we protect your information when you apply, please see our Personnel Privacy Notice.
Job tags: Architecture AWS Java Penetration testing Pen testing Python SaaS Vulnerability management
Job region(s): North America Remote/Anywhere
Job metrics:  20  1  0
Share this job: