Staff/ Senior Product Security Engineer

US Remote

Full Time Senior-level / Expert
Box logo
Apply now Apply later

Posted 2 weeks ago

WHAT IS BOX?  Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.    By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.    WHY BOX NEEDS YOU  It's an amazing time to be working at Box. We are a big enough company to have the ability to execute large-scale deliverables and just small enough that you can play an important role in that delivery. With millions of users on our platform, we have an opportunity to ship products that will change the way that people work. Box is expanding its next generation security program for the cloud, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking a security professional with Product Security acumen with primary focus on Secure Development LifeCycle initiatives.    WHAT YOU'LL DO 
  • Perform architectural review of product designs to perform a threat analysis, identify security risks, and provide recommendations to make our products secure and resilient
  • Incorporate secure code tools, technologies and processes in build pipelines and work with Director of Product Security on establishment of secure development practices
  • Deliver Threat Models in collaboration with engineering teams, enumerating potential attack scenarios. 
  • Review of source code for for secure coding best practices
  • Uplift our security champions program within the development organizations
  • Ability to automate using python, java or other languages
  • Create improvements to uplift vulnerability management program 
  • Consult with development teams to improve security posture and processes.
  • Web / Mobile Application Penetration Testing to identify security vulnerabilities, risks & mitigations
  • Develop and implement novel and advanced security analysis techniques 
  • Working with engineering teams to prioritize security concerns, fix security risks, and provide mitigation recommendation
  • Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • You will use your technical expertise to advise Product Support & Sales regarding security risks and their mitigations
  • You are expected to provide perspective on trends, recommendations, and best practices for customer success 
  WHO YOU ARE  You have extensive experience in the product  security space, have personally identified and remediated security flaws/concerns, have performed attack/threat modeling, and have lead pen testing efforts. You are comfortable working on cross vertical initiatives, providing security requirements, and working with engineering to remediate and raise valid issues.
  • Degree in Computer Engineering, Computer Science, or a related field
  • 6+ Years Experience in the security field with a focus on securing products and applications 
  • Expertise on OWASP Top 10, Threat Modeling, Securing Microservices, Rest API, OAUTH, SAML, Container Security, Securing SaaS solutions, CI / CD build eco systems
  • Familiarity with one or more programming languages, AWS/GCP cloud infrastructure services
  • Experience and understanding of Cloud orchestration technologies like Kubernetes,  Microservices, Docker
  • Performing architecture and design reviews for security posture assessment
  • Performing Web Application / Mobile Application penetration testing
  • Proven track record of finding zero days/CVEs 
  • Strong understanding of past, current, and emerging security exploits 
  • Knowledge of Threat modeling and other risk identification techniques
  • Cybersecurity-related certification(s), including CCSP, CISSP, OSCP, OSWE, CEH, GPEN is a plus 
  • Programming experience in the following but not limited to : C/C++, Java, Python, Go, Rust
  • Excellent problem solving skills 
  • Excellent written and verbal communication skills


EQUAL OPPORTUNITY  We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.   For details on how we protect your information when you apply, please see our Personnel Privacy Notice.
Job tags: Architecture AWS C CEH CISSP Docker Go GPEN Java Kubernetes OSCP Penetration testing Pen testing Python SaaS Vulnerabilities Vulnerability management
Job region(s): North America Remote/Anywhere
Job stats:  8  1  0
  • Share this job via
  • or