Senior Application Security Engineer
Updated on 2/9/2024
Box

1,001-5,000 employees

Cloud content management and file sharing service
Company Overview
Box is on a mission to make businesses more productive, competitive, and powerful by connecting people and their most important information. The company operates one of the world's largest cloud storage platforms.

Company Stage

N/A

Total Funding

$1.2B

Founded

2005

Headquarters

Redwood City, California

Growth & Insights
Headcount

6 month growth

2%

1 year growth

13%

2 year growth

23%
Locations
Remote in USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
PHP
Python
React.js
Node.js
Java
Scala
Categories
Software Engineering
Requirements
  • 5+ years of experience with creating secure coding requirements, conducting threat models and pen testing software end-to-end
  • Expert in determining the severity of a vulnerability and its impact to the business
  • Experience with common security testing methodologies, including fuzz testing and using tools like Burp Suite
  • Experience with the process of developing, building, and shipping secure code
  • Understand secure engineering best practices and can articulate problem statements and propose solutions to both technically savvy and non-technical audiences
  • Experience with multiple languages such as Java, React, Node JS, PHP, Scala, C and/or Python to perform secure code reviews
  • Understand how to detect and prioritize Front End, API, Microservice and Container vulnerabilities
  • Strong understanding of past, current, and emerging security exploits and the TTPs (tactics, techniques, and procedures) threat actor groups leverage
  • Ability to communicate and report to various levels of technical and non-technical stakeholders
Responsibilities
  • Conduct product/feature level Design Reviews, Code Reviews, Threat Modeling, Penetration Testing and Vulnerability Risk Analysis
  • Lead manual security reviews and create secure coding requirements
  • Discover vulnerabilities through web and mobile penetration testing
  • Evaluate products for how a threat actor could leverage user-facing flows for malicious activity
  • Deliver reports on completed tests and document technical issues identified during the assessments
  • Collaborate with Product, Engineering and broader security teams to provide recommendations for solutions focused on decreasing business risks
  • Support the Bug Bounty/VDP program through triaging submissions and proposing remediations
  • Identify and maintain standards and procedures around the use of open source software
Desired Qualifications
  • Passion for cyber security demonstrated through participation/leadership in webinars, Capture the Flag (CTF), TryHackMe, Hack The Box, Bug Bounty Programs, submission of CVEs and/or personal security projects