Full-Time

Application & Product Security Architect

Confirmed live in the last 24 hours

Box

Box

1,001-5,000 employees

Cloud content management and collaboration platform


Senior, Expert

Remote in USA

Required Skills
Python
Git
Node.js
Java
Requirements
  • At least 10+ years experience in software engineering, architecture and software security
  • 5+ years previous experience leading large software security initiatives and/or transformations
  • Knowledge of OWASP Top 10, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), API Security Testing Tools, Automated Mobile Testing Tools and Threat Modeling tools
  • At least 1 security certification (ex. CISSP, OSCP, GWEB, CEH, GRTP, GWEB)
  • Experience with multiple languages such as Java, React, Node JS, PHP, Scala, C and/or Python
  • Understand how to detect and prioritize Front End, API's, Microservices and Container vulnerabilities
  • Familiar with common build/automation tooling: ex. Jenkins, GIT
Responsibilities
  • Provide subject matter expertise, roadmaps, strategies, reference architectures for application and product security
  • Provide thought leadership in the areas of security tool automation, optimization, application vulnerability management and strategies for risk reduction
  • Create design of comprehensive architectural patterns for secure development standards for front end, APIs and mobile
  • Develop and maintain application security policies, standards, and guidelines, and ensure their adherence across projects.
  • Develop strategy to automate software security vulnerability verification within throughout the development process
  • Collaborate closely with cross-functional architects to identify application-based vulnerabilities, design secure application architectures, and guide the integration of security measures into the development process
  • Create architecture design for tool integrations and implement tooling within CI/CD pipeline, limit manual testing and troubleshooting
  • Lead security engineer and software engineer training related to high risk security risks
  • Evaluate products for security gaps through threat modeling and pen testing
  • Lead M&A security evaluations

Box is a Cloud Content Management platform offering secure collaboration, powerful e-signatures, simplified workflows, 1,500+ app integrations, an open platform with APIs and SDKs, content migration tool, and admin controls. It serves over 87,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP.

Company Stage

IPO

Total Funding

$1.2B

Headquarters

Redwood City, California

Founded

2005

Growth & Insights
Headcount

6 month growth

5%

1 year growth

7%

2 year growth

24%

Benefits

Health and Wellness

Family Support

Generous Time Off

Financial Benefits

Community

Evolving Workplace