Product Security Incident Response Analyst II

WHAT IS BOX?  Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.    By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.    WHY BOX NEEDS YOU  Box is growing fast. Real fast. Every business in the world is looking to modernize the way that they work. As the leader in cloud content management, Box is the ideally positioned company to help enterprises transform how people collaborate together. We want to make sure that the developers at Box have the best tools possible to drive that transformation in a secure and efficient way. That's where you come in!   You'll also get to learn about supporting compliance, legal, and internal infrastructure efforts as we are often domain experts for them. You'll get to work with a wide variety of partners and customers on a team that values input and learning.   WHAT YOU'LL DO  Box's Product Security Incident Response Team (PSIRT) is responsible for managing Box's product related security incidents. Box's PSIRT is a global team who responds to abuse events and those who attempt to use Box for malicious means. We need a PSIRT Analyst to join the Trust Office and assist with investigations, security incidents, vulnerability findings and recommendations for improving Box's product security. In addition, we need you to help the team better understand your areas of expertise and interest, and to share your knowledge in a collaborative environment that focuses on enabling the team to share their unique skills and perspectives.   We are focused on various abuse events that support Security efforts at Box. Some of those areas are:

• Publicly shared malware
• Phishing
• Disposable email address detection
• Credential stuffing
• Bug bounty and/or vulnerability discovery program findings and response

You will also be responsible for:

• Investigating and responding to abuse events and vulnerabilities found within Box's product
• Gathering metrics to drive data driven decisions within the Trust Office
• Executing and delivering work towards long-term goals and initiatives to support Box's overall security posture
• Working closely with the Security Incident Response Team (SIRT) and Product teams to make suggestions to improve Box's security
• Adapting to change and effectively organizing work according to business priorities
• The documentation of process and procedures

WHO YOU ARE 

• You have 1-2 years of experience in the security industry or similar background
• You have experience working with a variety of cyber security related tools (Splunk, Burp Suite, etc.)
• You have experience working with automation teams or performing automation yourself 
• You can perform analysis of large amounts of data and can come to logical conclusions involving that data
• You work well with the unpredictable, ever changing threat landscape that exists in cybersecurity
• You can perform independently to collect data, perform analysis, and research findings to determine if abuse or exploitation occurred
• You are collaborative with exceptional interpersonal and communication skills
• You are analytical, organized, know how to make a plan and execute it
• You're comfortable briefing executives on abuse events and discussing these concerns with customers
• You ideally have some type of customer service experience

BENEFITS 

• Visit this webpage to check out all of our exciting benefits: https://join.collectivehealth.com/box

EQUAL OPPORTUNITY  We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.   For details on how we protect your information when you apply, please see our Personnel Privacy Notice.