Team Manager
Application & Product Security
Posted on 1/5/2023

1,001-5,000 employees

Cloud content management and file sharing service
Company Overview
Box is on a mission to make businesses more productive, competitive, and powerful by connecting people and their most important information. The company operates one of the world's largest cloud storage platforms.
Remote • United States
Experience Level
Desired Skills
Software Engineering
  • You understand secure engineering best practices and can articulate problem statements and propose solutions to both technically savvy and non-technical audiences
  • You have experience pen testing web and mobile applications
  • You understand the various threat modeling and pen testing frameworks
  • You have a growth mindset, push yourself towards excellence and focus on continuous functional improvements
  • You are a curious person who looks at problem statements and can clearly propose actionable solutions
  • You have a passion for cyber security demonstrated through participation/leadership in conferences, webinars, Capture the Flag (CTF), TryHackMe, bug bounty, submission of CVEs and/or personal projects
  • Strong understanding of past, current, and emerging security exploits
  • Remote friendly
  • 5+ years of experience with application security, software development, defining security architecture, and implementing software security solutions
  • 5+ years of experience with triaging vulnerabilities, security testing tools, defining security controls and software penetration testing
  • 3+ years of experience with leading technical teams in an application security function
  • Experience working with complex and diverse applications tech stacks
  • Knowledge of OWASP Top 10, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Threat Modeling tools
  • Experience with multiple languages such as Java, React, Node.js, PHP, Scala, C and/or Python
  • Understand how to detect and prioritize vulnerabilities in Front End, APIs, Microservices, Mobile and Containers
  • Familiar with common build/automation tooling, e.g. Jenkins, Git
  • Drive technical excellence and implementation of secure engineering practices such as design & code reviews, threat modeling, penetration testing, continuous integration, and security focused behavior-driven development
  • Enhance program strategy for API security, mergers and acquisitions evaluations, and open source security
  • Define strategy and drive implementation of integrated secure practices within the software development paved path
  • Lead and develop a highly skilled team of security engineers to deliver measurable outcomes
  • Develop metrics and analysis that identify the key performance drivers, strategies, and opportunities for enhancements
  • Provide guidance and training on secure coding practices
  • Define and own OKRs that support secure application design strategy
  • Partner with software engineering and product management leaders to define and implement secure development practices and controls