Staff Engineer, Cloud Security

Box, Redwood City, CA

A Cloud Content Platform for the Digital Age

What is Box? 
Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal. 
By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud. 

We are looking for a seasoned Cloud Security staff engineer to join the team and focus on solving complex Security engineering challenges. 

If you...  

are excited by an opportunity to secure the Box platform against ongoing external threats

are passionate about security challenges related to building and operating large enterprise production at scale  

encourage innovation 

love to get close to the technology  

enjoy mentoring and coaching 

Let's talk!  

Core Responsibilities 

  • Provide security expertise for truly massive software projects and cloud service designs 
  • Perform hands-on threat modeling, risk assessment, and web service security validation 
  • Develop new tools, templates, and methods to help teams across BOX scale securely 
  • Partner with Engineering to build a secure cloud native platform 
  • Provide security expertise for truly massive software projects and cloud service designs for a hybrid cloud model 
  • Mentor! Learn! Constantly hone your own technical skills and guide others to improve theirs 

Basic & preferred Qualifications 

  • BS in Computer Science, Information Security, or related field, or equivalent work experience 
  • Minimum of 6 years of experience in cloud security, with demonstrated experience supporting product teams with technical design input and security risk analysis, and two or more of the following: 
  • Partner with Engineering to build a secure cloud native platform 
  • Provide security expertise for truly massive software projects and cloud service designs for a hybrid cloud model 
  • Web security assessment (authentication and authorization, tokens, input validation, SSL, etc) 
  • Strong development skills (Java, C++, or Python, micro-service architecture, API testing, fuzzing, etc) 
  • Security review / risk assessment (threat modeling, penetration testing, security code review, etc) 
  • Security architecture and risk mitigation for enterprise networks or cloud hardware infrastructure 
  • Demonstrated understanding of network protocols (TCP/UDP, SSH, TLS, DNS, DHCP, IPMI, SNMP, etc) 
  • Demonstrated understanding of applied cryptography (encryption, signing, certificates, algorithms) 
  • Professional experience architecting/deploying/operating solutions built on AWS or GCP 
  • Professional experience with security testing tools, packet crafting, or exploit development 
  • Experience with Windows, Linux, and hypervisor & Container security (especially in cloud environments) 
  • Track record of complex project delivery, effective organization, and executive maturity 
  • Team player who thrives under pressure 
  • Interest in working with leading-edge technology and demanding customers 
  • Obsessed in maximizing customer value high quality and reliable services 
  • Demonstrated acumen in building and running world class services 
  • A sense of urgency and impatience infused with infectious enthusiasm to drive our vision 
  • Excellent interpersonal and communication skills 
  • Fluent in English  


 Technical Qualifications:  

  • Develop significant security initiatives from inception to successful deployment  
  • Initiate and complete security improvements to Box infrastructure 
  • Collaborate with other senior members of our staff to define our technical strategy. 
  • Expect to be an active participant in the Core Architecture group 
  • Work across organizational and team boundaries to drive security decisions    
  • Work with product, future architecture teams and other software engineer to drive improved security practices 
  • Review design documents, functional specs and code from co-workers to meet Box security guidelines. 
  • Meet and educate software engineers of security best practices. 
  • Research and provide perspective on leading industry trends.                        
  • Research security topics and vulnerabilities in popular software products. 
  • Recommendations on new and emerging technologies. 
  • Thought leadership on code quality, and engineering process improvements. 
  • Attend security conferences and incorporate learnings to Box engineering processes. 
  • Bachelor's degree in Computer Science or related area and 5+ years’ experiences  
Visit this webpage to check out all of our exciting benefits: https://join.collectivehealth.com/box
Equal Opportunity
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
For details on how we protect your information when you apply, please see our Personnel Privacy Notice.
 At Box, we strive to foster a culture of transparency and inclusiveness. We believe in executing quickly, and we are committed to doing the right thing for our end users. We value team members who are life-long learners that express passion around continuous improvement for themselves and the team around them. 

The employee is first at Box. The formula to delight our customers starts with epic features designed by employees that Box constantly demonstrates are our #1 asset—through a dynamic business environment filled with forward-thinking colleagues, modern perks, and additional social activities to encourage everyone to have fun while we 10x Box and reimagine the future of content.  

To learn more about Box, visit: https://www.box.com  


About Box

Box is an enterprise content management platform that solves simple and complex challenges, from sharing and accessing files on mobile devices to sophisticated business processes like data governance and retention.

Since 2005, Box has made it easier for people to securely share ideas, collaborate and get work done faster. Today, more than 41 million users and 74,000 businesses—including 59% of the Fortune 500—trust Box to manage content in the cloud.

Want to learn more about Box? Visit Box's website.