Box · 2 days ago
Senior Application Security Engineer
Cloud Computing, Enterprise Software
Responsibilities
Conduct product/feature-level Design Reviews, Code Reviews, Threat Modeling, Penetration Testing and Vulnerability Risk Analysis
Lead manual security reviews and create secure coding requirements
Discover vulnerabilities through web and mobile penetration testing
Evaluate products for how a threat actor could leverage user-facing flows for malicious activity
Deliver reports on completed tests and document technical issues identified during the assessments
Collaborate with Product, Engineering and broader security teams to provide recommendations for solutions focused on decreasing business risks
Support the Bug Bounty/VDP program through triaging submissions and proposing remediations
Identify and maintain standards and procedures around the use of open source software
Qualification
Required
5+ years of experience with creating secure coding requirements, conducting threat models and pen testing software end-to-end
Passionate about working with developers to help them develop code securely
Expert in determining the severity of a vulnerability and its impact to the business
Expert with common security testing methodologies, including fuzz testing and using tools like Burp Suite
Experience with the process of developing, building, and shipping secure code
Understand secure engineering best practices, can articulate problem statements and propose solutions to both technically savvy and non-technical audiences
Experience with multiple languages such as Java, React, Node.js, PHP, Scala, C and/or Python to perform secure code reviews
Understand how to detect and prioritize Front End, API, Microservice and Container vulnerabilities
Passion for cyber security demonstrated through participation/leadership in webinars, Capture the Flag (CTF), TryHackMe, Hack The Box, Bug Bounty Programs, submission of CVEs and/or personal security projects
Strong understanding of past, current, and emerging security exploits and the TTPs (tactics, techniques, and procedures) threat actor groups leverage
Ability to communicate and report to various levels of technical and non-technical stakeholders
Company
Box
Box is an online file sharing and cloud content management service offering unlimited storage, custom branding, and administrative controls.
H1B Sponsorship
Box has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2023 (42)
2022 (88)
2021 (118)
2020 (109)
Funding
Current Stage: Public Company
Total Funding: $1.06B
Key Investors: Kohlberg Kravis Roberts, Future Fifty, General Atlantic
2021-04-08 · Post-IPO Equity · $500M
2015-01-23 · IPO · nyse:BOX
2014-07-01 · Series G · $150M
Company data provided by crunchbase