WHAT IS BOX? 

Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration & workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, & we need strong advocates to help us achieve that goal. 

By joining Box, you will have the unique opportunity to help capture a majority of this developing market & define what content management looks like for the digital enterprise. Today, Box powers over 100,000 businesses, including 69% of the Fortune 500 who trust Box to manage their content in the cloud. 

WHY BOX NEEDS YOU

Box is looking for a leader who will own the secure application development & tooling on the Application Security Engineering team. This person will own design reviews, threat modeling, penetration testing, secure product feature enablement & security tools.

This leader must have strong technical, analytical & people leadership capabilities.

WHAT YOU'LL DO 

• Drive technical excellence & implementation of secure engineering practices such as design & code reviews, threat modeling, penetration testing & security centric behavior-driven development.
• Partner with software engineering & product management leaders to define & implement secure development practices & controls, which seamlessly integrate within their development processes & tools
• Enhance API security posture, mergers & acquisitions evaluations, & open source security
• Lead & develop a highly skilled team of security engineers to deliver measurable outcomes
• Own SAST, SCA, DAST & other automated software security testing tools roadmap
• Develop metrics & analysis that identifies the key performance drivers, strategies, & opportunities for enhancements
• Elevate secure software development & discovery standards
• Lead training on secure coding practices for software & security engineers
• Define & own OKRs that support secure application development & tooling strategy

WHO YOU ARE 

• You understand secure engineering best practices, can articulate problem statements & propose solutions to both technically savvy & non-technical audiences
• You are a technical people leader who continuously uplifts the teams skillset & takes on complex projects independently
• You have experience pen testing complex web & mobile applications
• You understand the various threat modeling & pen testing frameworks
• You understand the various automated security testing types & tools
• You have a growth mindset, push yourself towards excellence & focus on continuous functional improvements
• You are a curious person who looks at problem statements & can clearly propose actionable solutions
• You have a passion for cyber security demonstrated through participation/leadership in conferences, webinars, Capture the Flag (CTF), TryHackMe, Bug Bounty, Submission of CVEs and/or personal projects
• You have a strong understanding of past, current, & emerging security exploits

Requirements

• 6+ years of experience with application security, software development, defining security architecture, & implementing software security solutions
• 5+ years of experience with triaging vulnerabilities, defining security controls & software penetration testing
• At least 1 security certification (ex. CISSP, OSCP, GWEB, CEH, GRTP, GWEB)
• Expertise in OWASP App/Mobile/API Top 10, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), & Threat Modeling tools
• Experience working with complex & diverse applications tech stacks
• Understand how to detect & prioritize vulnerabilities in Front End, API's, Microservices, Mobile & Containers
• Experience with multiple languages such as Java, React, Node JS, PHP, Scala, C and/or Python
• Familiar with common build/automation tooling: ex. Jenkins, GIT

Head-over-heels about this role but not sure you meet all the requirements? Apply anyway! Studies have shown that women & people of color are less likely to apply to jobs unless they meet every single qualification. At Box, we take a big-picture approach to hiring that fosters authenticity, diversity, & inclusion. If you're passionate about this opportunity, chances are, you shine pretty bright.

EQUAL OPPORTUNITY 

We are an equal opportunity employer & value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, & any other protected ground of discrimination under applicable human rights legislation. Box strives to respect the dignity & independence of people with disabilities & is committed to giving them the same opportunity to succeed as all other employees. Inclusiveness is core to our culture at Box, & we strive to ensure you get the most from your interview experience. Box makes reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please complete this form Reasonable accommodations may include scheduling adjustments, document dictation & beyond.

Notice to applicants in Los Angeles: Box, Inc & its related branches will consider for employment, qualified applicants with criminal histories in a manner consistent with the Los Angeles Fair Chair Ordinance.  The Fair Chance Ordinance is provided here. 

Notice to applicants in San Francisco:  Box, Inc & its related branches will consider for employment, qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chair Ordinance.  The Fair Chance Ordinance is provided here. 

For details on how we protect your information when you apply, please see our Personnel Privacy Notice. If you are a California-resident, please read our California Applicant & Candidate Privacy Notice here.