Box is expanding its Security Engineering team, and we encourage you to contact us about joining the team. We're seeking people who are excited about growing and improving our core security services & capabilities, and helping us keep Box and Box customers secure. We hope you are interested in or have previous experience with the concepts behind most of the core components of this team's responsibilities. Please keep in mind that the degree of depth and breadth we're looking for depends upon the role you're interested in. If you feel that you're qualified in one or more of these areas, and are interested in learning the rest of them, then you cannot waste our time. Please contact us.
The team is responsible for designing and implementing key security controls and monitoring technologies, providing architectural design input for company-wide internal and external projects that are both technical and non-technical, providing guidance for major initiatives involving Box technologies and infrastructure, making discrete and gestalt information risk decisions, and administering key components in support of all other responsibilities.
This team is focused on the technical areas that support Security efforts at Box. You will, depending on role, focus on one or more of them. You can expect to learn about ALL of them as you spend time on this team:
You'll also get to learn about supporting compliance, legal, and internal infrastructure efforts as we are often subject matter experts for them. You'll get to work with a wide variety of partners and customers on a team that values input and learning.
- Trust decisions
- Authentication and Authorization
- Threat Modeling
- Design patterns, repeatable guidance, and where necessary, policy
- Cryptography and key materials handling
- Development of security services (mostly Python & Java)
- Network and host monitoring
- Making defensible & repeatable risk decisions
- Linux, OSX, and Windows systems administration
- Development and deployment infrastructure
- Process development and support
- Large security data set analysis (ELK/Splunk) & management of analysis systems
Why the team needs you
We need a senior engineer to assist with making sound, repeatable decisions, and implementing those ideas via policy, technology, and educational engagement with partner teams at Box. In addition, we need you to help the team better understand your areas of expertise and interest, and to share your knowledge in a collaborative environment that focuses on enabling the team to share their unique skills and perspectives.
Why Box needs you
Box needs motivated, considerate engineers who help us balance the concerns of security and organizational growth as we strive to be leaders in the content collaboration marketplace.
Why you need Box
You're going to have the opportunity to drive organization level change and impact via the implementation of security tools, review of design and architectural documentation, remediation of infrastructure vulnerabilities, and educational outreach to other teams. You'll also get the chance to participate across organizational groups and help drive appropriate security prioritization in conjunction with other teams.
Who you are
- You have experience identifying and addressing root causes via the symptoms of failure
- You enjoy building infrastructure that supports security goals while maintaining usability
- You can identify owners and drive remediation of critical technical & security concerns
- You have experience with security configurations for operating systems
- You have experience mentoring in formal or informal settings
- You have experience reviewing architecture & design documentation to provide security requirements
- You have 8+ years of experience