It's an amazing time to be working at Box. We are a big enough company to execute large-scale deliverables, and just small enough that you can play an important role in that delivery. With millions of users on our platform, we have an opportunity to ship products that will change the way that people work. Box is expanding its next-generation security program for the cloud, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking an information security specialist who has experience in penetration testing and is passionate about breaking all the things!
Why the team needs you
Box is a recognized leader in the cloud security space. We understand that security is an ever-evolving landscape of vulnerabilities, new techniques, and best practices, so we're doubling down on our efforts. We have an experienced application security team and we've done the basics, but we want to expand our capabilities and knowledge. We're in search of a security engineer who thinks like an attacker -- outside of the box -- and who is also able to translate identified issues into actionable outcomes for the product, development, and operations teams.
Why you need Box
Box is growing fast. Real fast. Every business in the world is looking to modernize the way that they work. As the leader in cloud content management, Box is the only company that can help enterprises transform how people work together.
The security team is positioned well within the company to execute quickly and against things that matter. We have executive support and you will have the ability to influence the security posture of our products and systems.
Who you are
You live and breathe security. As an Application Security Engineer, you will assist the team responsible for penetration testing internal and external applications at Box, making our customers safer. You have published original advisories or white papers, or given talks at conferences like Defcon/Ruxcon/Infiltrate/HITB/etc. You've exploited web applications, SOAP/REST APIs, desktop applications, and possibly mobile apps. You're comfortable scripting up tooling to aid you in your penetration of a system, as well as making your own assessment tooling.
- Perform application security testing on internal and external Box applications
- Perform code reviews during penetration tests
- Document exploit chain/proof of concept scenarios for dev teams' consumption
- Build and contribute to custom internal security tools such as fuzzers, Burp extensions, etc.
- Track and research the latest attacks and how they might apply to our environments
- Configure, run and monitor automated security testing tools
- Participate in red-team activities