Unpack your Potential at Boxed!
Boxed is made up of a vibrant & fun group of engineers, designers, marketers, salespeople, & operations specialists... just to name a few! We work with passion for driving superior value & experience to our customers. Our customers choose to buy from Boxed because we save them time & money, which in turn makes their lives easier. That's where you come in!
We're seeking an experienced Lead AppSec & Cloud Security Engineer to join our technology operations & security team & take ownership & responsibility for the management & monitoring of all Cloud-specific Security initiatives as well as overall technology security preparation & resilience. This role will report to the Head of Information Security.
You will...
- Design & develop Google Cloud-specific security policies, standards & procedures
- Implement & manage application vulnerability assessments automation
- Conduct application threat modeling & security assessments including penetration testing of web & mobile applications (iOS & Android)
- Support secure application development practices & a secure development mentality
- Identify, communicate, & provide targeted remediation of vulnerabilities
- Develop & update security patterns aligned with security requirements
- Identify application security requirements for projects
- Coordinate & collaborate with multiple teams to ensure the confidentiality, integrity, & availability of assets that meets business needs
- Perform other security-related projects that may be assigned according to skills
- Be responsible for DevSecOps - integrating security into CI/CD pipelines
- Be responsible for Automation of security controls & standards.
Requirements:
- Familiarity with Jenkins based CI/CD Pipelines
- Familiarity with Google Cloud Policy, Configuration, & Security Management tools
- Working experience implementing & testing automation scripts & setups
- Familiar with integrating security tools & providing vulnerability assessments
- Leveraging tools such as Burp Suite Enterprise, Snyk, Lacework, Wiz, OWASP ZAP
- Understanding of OWASP Top 10 & SANS Top 25 vulnerabilities & how to remediate
- Working knowledge of using API to interact with web services provided by tools
- Conduct tool evaluations & build proof of concepts
- Integrate with reporting tools to provide consolidated view
- Ability to turn technical standards into working practice
- Assist in driving consistency & standardization of DevSecOps services across the enterprise
- Strong automation & IaC skills (Terraform)
- Contribute to security & compliance audits including PCI, ISO-27001, & SOC2
- Experience using a Log Aggregation Platform
- Maintain documentation & user guides
- Knowledge of security within cloud environment, especially around networking, security & administration
- A motivated & flexible approach to work in an adaptive, fast-moving Agile environment
- Can demonstrate strong performance ethos & personal commitment for outstanding customer service
- Ability to interface with both technical & non-technical teams
- Willingness to train & up-skill on a continuous basis
- Excellent communication, time management & organizational skills.
Benefits & Perks:
- Working with smart & innovation focused people, within a collegial & collaborative culture
- Competitive salary
- Stock options
- Unlimited vacation
- Full healthcare benefits
- 6-month paid maternity/paternity leave.
All about these Boxed Boxes!
Boxed was launched in our CEO's garage in 2013 by our four founders, an eclectic group of experienced tech pioneers. They had a simple idea: to make shopping for bulk-sized products easy, convenient & fun. Today, we deliver a first-class e-commerce experience for everyday essentials across the country.
We're a publicly listed company that places technology & innovation at the heart of all that we do. Our technology platform & automated, state-of-the-art fulfillment centers make headlines & our systems utilize machine learning, predictive analytics & other technologies to ensure a delightful B2C & B2B online shopping experience. While technology is at the core of what we do, providing a personalized, thoughtful & seamless shopping experience is at the core of who we are. We value each & every customer & every single order receives a hand-written thank you note.
Currently, all corporate employees are working remotely from home until it is deemed safe to return to our offices by local & state health officials. We have offices located in New York City (NY) and San Mateo (CA), & three fulfillment centers in New Jersey, Nevada & Texas. Fully remote candidates will be considered for certain categories of roles.