Threat Operations Manager

Austin, TX

Box logo
Box empowers your teams by making it easy to work with people inside and outside your organization, protect your valuable content, and connect all your apps.
Apply now Apply later

WHAT IS BOX?  Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.    By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.    WHY BOX NEEDS YOU  Box is continuing its investments in security and is looking for a Threat Operations Manager to join our Threat Operations Team. In this role, you will be focused on running a highly talented team of Threat Detection Engineers to defend the Box Corporate and Production network from threats. You'll be tackling security@scale with a good runway to help set the direction of the group.   Box is scaling at a rapid pace. With innovation and speed comes interesting security challenges. Our customers demand world class security.  We need your creativity, technical expertise, and leadership skills to help us tackle these challenges.   WHAT YOU'LL DO 
  • People leadership supporting a great team of security engineers
  • Maturing threat detection processes
  • Working across multiple teams including engineering, legal, communications and technical operations
  • Managing a threat detection "catalog" - ensuring detection health, identifying and remediating coverage gaps
  • Implementing our strategic threat informed defense strategy, which includes behavior based detections, purple team activities and partnering w/red team and SIRT for threat detection validation and informing of the our threat model
  • Building a threat operations team roadmap to include maturing a threat intelligence program
  • Bachelor's degree in a technical, engineering or IT related field or equivalent and 5+ years related experience in technical cyber security roles
  • 2+ years in a people management role with a proven track record of leading high performing teams
  • Experience working with Legal, HR, Compliance, Technical Operations in a SaaS or Large Enterprise Environment
  • Familiarity with security models like MITRE ATT&CK or CIS Critical Security Controls
  • Familiarization with tactical & strategic threat intelligence products for technical and executive audiences
  • Relevant Cyber Security Experience (i.e. Incident response, threat detection, forensics, etc) around the following:
    • MacOS Environments
    • Container Security (Docker, Kubernetes)
    • Endpoint Security (Crowdstrike, Endgame, CarbonBlack, OSQuery)
    • Public Cloud Security (AWS, Microsoft Azure, Google Cloud, etc)
    • On-premise IaaS Security (Kubernetes, OpenStack, VMware, hyper-V, etc)
    • Network IDS/IPS (Bro, Surricata, snort)
    • Host-level Security using technologies like auditd, osquery, Linux system logs, Windows event logs, etc
  • Relentless automation/SOAR 
  • Security Visualization and defining Security Metrics
  • Strong written and verbal communication skills 
  • Ability to de-escalate high-pressure situations, synthesize the big picture and be able to rapidly\accurately communicate with both technical and non-technical stakeholders
  • Passionate about supporting, leading and mentoring team with a track record of building highly effective teams
  • Experience of setting team goal's and KPI's
Nice to have
  • Experience securing cloud deployments involving AWS, Docker, Hashicorp tools, Kubernetes and Serverless architectures like Lambda 
  • Advanced experience with Splunk, Splunk Processing Language (SPL), or other query languages
  • Industry Recognized Security Certifications like Splunk Certifications, CISSP, GCIA, GCIH, GREM
  • Prior work experiences in dev ops, software engineering or sys admin roles
  • Prior experience working in a global environment
  • Prior open source contributions


Visit this webpage to check out all of our exciting benefits:

EQUAL OPPORTUNITY  We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.   For details on how we protect your information when you apply, please see our Personnel Privacy Notice.
Job region(s): North America
Job stats:  8  0  0
  • Share this job via
  • or

Explore more Information Security career opportunities