Sr. Staff Software Engineer, Security Architecture

Our rapid growth challenges us to continuously rethink, improve and innovate our platform architecture. Managing billions of files, allowing millions of people to collaborate, and building a platform to support other developers - isn't this an engineer's dream challenge? 
 
We have a unique opportunity to architect and design the Core services that power Box. We are transitioning to a platform architecture, built on services and APIs, and designing frameworks and architectural components to improve engineering productivity and enable our teams to build scalable and highly available services. Our frameworks and common components will help engineers rapidly test and build services, and provide seamless integration between other services, our caching layer and our distributed backend storage. The framework is also essential to build the platform API architecture (gateway, routing, batching, etc.). 
 
This role will have a significant impact on the future of Box's security architecture, as well as the future of many security products our Product Security & Identity team is responsible for This position has a wide scope - all the way from designing a scalable security architecture to re-architecting and driving forward our key security features. We are looking for big thinkers and innovators to take on this problem space and deliver world class solutions. We are a passionate team that thinks big and is not afraid of challenging problems. If these challenges excite you, come join us.
 
Areas covered by the team:
  • Federated identity management
  • Session/token lifecycle management
  • Security Token Service
  • Anomalous behavior / account takeover detection and prevention
  • Malware protection
  • Content Security Scanning
  • Content exfiltration prevention, IP Whitelisting
  • Rate Limiter
  • Secrets management
 
Responsibilities:  
  • You will collaborate with senior engineering leaders and engineers across organizations and disciplines to guide the end-to-end platform security architecture at Box.
  • You will develop security, authentication and authorization frameworks, architectural components and the necessary tooling to help other engineers build scalable, HA services.
  • You will work with the engineers of the Product Security and Identity team on a number of the team's areas
  • You will provide product, process and architecture thought leadership and evangelize good security practices
 
Qualifications:
  • 12+ years of software development experience.
  • Designed/implemented Identity & Access Management (IAM) solutions for identity management, identity federation and authenticating/authorizing access to system resources; Experience with identity-related industry standards (e.g. SCIM, Open ID Connect, SAML, JWT, OAUTH) and related technologies to manage identity in distributed, web-scale systems
  • Experience designing an end-to-end platform security architecture to secure API call chains in a distributed, highly scalable, highly available multi data center system architecture accessible by 1st, 2nd and 3rd party API consumers
  • Experience using security tokens for internal identity representation in a distributed service-oriented architecture
  • Familiarity with architecture strategies to achieve high availability for identity management systems in a web-scale, multi data center architecture
  • Experience designing application access control solutions using industry access control models (e.g. RBAC, ABAC) and supporting technologies to authorize access to complex user data; Familiarity with industry access control standards (e.g. XACML)
 
Bonus:
  •  Experience in a fast paced, highly collaborative environment.
  •  Demonstrated experience in a SaaS engineering environment. 
 
Find out about our engineering team
 
 
About Box: Founded in 2005, Box (NYSE:BOX) is transforming the way people and organizations work so they can achieve their greatest ambitions. As the world's leading enterprise software platform for secure content collaboration, Box helps business of all sizes in every industry securely access and manage their critical information in the cloud. Box is headquartered in Redwood City, CA, with offices across the United States, Europe and Asia. To learn more about Box, visit www.box.com.
 
#LI-ENG
 

Back to top