Senior Application Security Engineer

WHAT IS BOX?

Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such as AstraZeneca, JLL, and Nationwide), to protect their data, fuel collaboration, and power critical workflows with secure, enterprise AI.

By joining Box, you will have the unique opportunity to continue driving our platform forward. Content powers how we work. It’s the billions of files and information flowing across teams, departments, and key business processes every single day: contracts, invoices, employee records, financials, product specs, marketing assets, and more. Our mission is to bring intelligence to the world of content management and empower our customers to completely transform workflows across their organizations. With the combination of AI and enterprise content, the opportunity has never been greater to transform how the world works together and at Box you will be on the front lines of this massive shift.

Founded in 2005, Box is headquartered in Redwood City, CA, and we have offices across the United States, Europe, and Asia.

WHY BOX NEEDS YOU

Box is looking for a Senior Application Security Engineer who will focus on thinking like a threat actor to proactively find security gaps and partner with development teams to close those gaps quickly. You will own the end-to-end secure development requirements, discovery of vulnerabilities through PenTesting and identifying remediation tactics specific to the product tech stack.

WHAT YOU'LL DO

• Conduct product/feature level Design Reviews, Code Reviews, Threat Modeling, Penetration Testing and Conducing Vulnerability Risk Analysis
• Lead manual security reviews and create secure coding requirements
• Discover vulnerabilities through web and mobile penetration testing
• Evaluate products for how a threat actor could leverage user-facing flows for malicious activity
• Deliver reports on completed tests and document technical issues identified during the assessments
• Collaborate with Product, Engineering and broader security teams to provide recommendations for solutions focused on decreasing business risks
• Support the Bug Bounty/VDP program through triaging submissions and proposing remediations
• Identify and maintain standards and procedures around the use of open source software

WHO YOU ARE

• You have 5+ years of experience with creating secure coding requirements, conducting threat models and pen testing software end-to-end
• You are passionate about working with developers to help them …