Security Engineer

Box is expanding its Security Engineering team, and we encourage you to contact us about joining the team. We're seeking people who are excited about growing and improving our core security services & capabilities, and helping us keep Box and Box customers secure. We hope you are interested in or have previous experience with the concepts behind most of the core components of this team's responsibilities. Please keep in mind that the degree of depth and breadth we're looking for depends upon the role you're interested in. If you feel that you're qualified in one or more of these areas, and are interested in learning the rest of them, then you cannot waste our time. Please contact us.
 
The team is responsible for designing, implementing, and validating key security controls and monitoring technologies, providing architectural design input for company-wide technical projects, providing guidance for major initiatives involving Box technologies and infrastructure, and infrastructure vulnerability management.
 
This team is focused on the technical areas that support Security efforts at Box. You will, depending on role, focus on one or more of them. You can expect to learn about ALL of them as you spend time on this team:
 
  • Trust decisions
  • Authentication and Authorization
  • Threat Modeling
  • Cryptography and key materials handling
  • Development of security services (mostly Python)
  • Network and host monitoring
  • Making defensible and repeatable risk decisions
  • Infrastructure vulnerability management
  • Linux, OSX, and Windows systems administration
  • Development and deployment infrastructure
  • Process development and support
  • Large security data set analysis (ELK/Splunk) & management of analysis systems
 
You'll also get to learn about supporting compliance, legal, and internal infrastructure efforts as we are often subject matter experts for them. You'll get to work with a wide variety of partners and customers on a team that values input and learning.
 
Why the team needs you
We need a vulnerability management engineer to assist with making sound, repeatable decisions, and implementing those ideas via policy, technology, and educational engagement with partner teams at Box. In addition, we need you to help the team better understand your areas of expertise and interest, and to share your knowledge in a collaborative environment that focuses on enabling the team to share their unique skills and perspectives.
 
Why Box needs you
Box needs motivated, considerate engineers who help us balance the concerns of security and organizational growth as we strive to be leaders in the content collaboration marketplace.
 
Why you need Box
You're going to have the opportunity to drive organization level change via the implementation of security tools, remediating infrastructure vulnerabilities, and educational outreach to other teams. You'll also get the chance to participate across organizational groups and help drive appropriate security prioritization in conjunction with other teams.
 
Who you are
You have experience implementing and executing infrastructure vulnerability scanning tools
You have experience measuring potential impact and scope information security vulnerabilities
You have experience in exploiting and mitigating security vulnerabilities
You have experience with security configurations for operating systems
You have experience identifying owners and driving remediation of security concerns
You have experience mentoring in formal or informal settings
You have experience securing public cloud infrastructure
You have 5+ years of experience in Information Security

Back to top