Box · 4 hours ago
Senior Security Engineer
Box is the leader in Intelligent Content Management, enabling organizations to fuel collaboration and transform business workflows with enterprise AI. The Senior Security Engineer will partner with various teams to identify and fix vulnerabilities across multiple platforms, ensuring that Box remains secure while supporting rapid product development.
Cloud Computing, Enterprise Software, File Sharing, Flash Storage, Web Hosting
Responsibilities
Lead and execute hands-on, technical security assessments at the product and feature level: manual code reviews, design reviews, threat models, web & mobile penetration tests, fuzz testing, and vulnerability risk analysis
Discover and validate vulnerabilities (front-end, APIs, microservices, containers), determine exploitability and business impact, and recommend mitigation and secure architecture changes
Secure how Box builds AI products and use AI to make Box products more secure
Build capabilities, modules and mechanisms to eliminate classes of vulnerabilities from Box products and platforms
Produce clear, technical reports and remediation guidance for engineering teams; communicate risk and proposed solutions to technical and non-technical stakeholders
Drive and maintain secure coding requirements, secure design patterns, and bug bars; embed requirements into patterns, platforms, and CI/CD/SAST/DAST workflows
Support and triage submissions for Bug Bounty and VDP programs; coordinate PSIRT handoffs for fixes and incident tracking
Support engineers and security champions; collaborate with Product, Engineering, Security Architecture, Production Security, and Platform Security Tools & Engineering to scale detection and remediation
Participate in our on-call rotation, available at all times while on-call to help respond to and triage any issues that arise
Qualification
Required
5+ years of hands-on experience performing end-to-end security assessments: threat modeling, secure code review, and manual penetration testing across web/mobile/API environments
Strong offensive skills: manual pentesting, exploitation reasoning, fuzzing, use of tools like Burp Suite; experience with DAST/SAST/fuzz pipelines a plus
Deep practical experience with at least one (or a few) of Java, React/JS/TypeScript, Node.js, Python, PHP, Scala, C/C++, Go
Demonstrated ability to find and assess vulnerabilities across front-end, APIs, microservices and mobile applications; understand supply-chain risk and OSS component management
Excellent vulnerability risk analysis skills: determine severity, exploitability, and business impact; create concise remediation plans prioritized by exploitation likelihood and business risk
Experience supporting bug bounty / VDP programs (triage, reproducibility, remediation guidance)
Strong communicator able to present technical problems and proposed solutions to engineering teams, product owners, and non-technical stakeholders
Passion for security demonstrated by community involvement (CTFs, Hack The Box, TryHackMe, bug bounty, published CVEs, or personal security projects)
Familiarity with secure SDLC concepts and experience influencing secure-by-design adoption across teams
Benefits
Healthcare benefits
Box Benefits + Perks
Company
Box
Box is an online file sharing and cloud content management service offering unlimited storage, custom branding, and administrative controls.
H1B Sponsorship
Box has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (95)
2024 (93)
2023 (58)
2022 (100)
2021 (109)
2020 (114)
Funding
Current Stage: Public Company
Total Funding: $1.46B
Key Investors: Kohlberg Kravis Roberts, Future Fifty, General Atlantic
2024-09-18: Post IPO Debt · $400M
2021-04-08: Post IPO Equity · $500M
2015-01-23: IPO
Company data provided by Crunchbase