200+ applicants

Company

Original Job Post

Box · 2 days ago

Senior Application Security Engineer

United States

Full-time

Remote

Senior Level

$154K/yr - $226K/yr

5+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Cloud ComputingEnterprise Software

H1B Sponsorship

Growth Opportunities

Insider Connection @Box

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Conduct product/feature level Design Reviews, Code Reviews, Threat Modeling, Penetration Testing and Conducing Vulnerability Risk Analysis

Lead manual security reviews and create secure coding requirements

Discover vulnerabilities through web and mobile penetration testing

Evaluate products for how a threat actor could leverage user-facing flows for malicious activity

Deliver reports on completed tests and document technical issues identified during the assessments

Collaborate with Product, Engineering and broader security teams to provide recommendations for solutions focused on decreasing business risks

Support the Bug Bounty/VDP program through triaging submissions and proposing remediations

Identify and maintain standards and procedures around the use of open source software

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Secure codingThreat modelsPen testingSecurity testing methodologiesFuzz testingBurp SuiteSecure engineering bestCode reviewsCyber securityWebinarsCapture the FlagTryHackMeHack The BoxBug Bounty ProgramsCVEsSecurity exploitsTTPsPassionateCommunicate

Required

5+ years of experience with creating secure coding requirements, conducting threat models and pen testing software end-to-end

Passionate about working with developers to help them develop code securely

Expert in determining the severity of a vulnerability and their impact to the business

Expert with common security testing methodologies, including fuzz testing and using tools like Burp Suite

Experience with the process of developing, building, and shipping secure code

Understand secure engineering best practices, can articulate problem statements and propose solutions to both technically savvy and non-technical audiences

Experience with multiple languages such as Java, React, Node JS, PHP, Scala, C and/or Python to perform secure code reviews

Understand how to detect and prioritize Front End, API's, Microservices and Container vulnerabilities

Passion for cyber security demonstrated through participation/leadership in webinars, Capture the Flag (CTF), TryHackMe, Hack The Box, Bug Bounty Programs, submission of CVEs and/or personal security projects

Strong understanding of past, current, and emerging security exploits and the TTPs (tactics, techniques, and procedures) threat actor groups leverage

Ability to communicate and report to various levels of technical and non-technical stakeholders

Company

Box

Glassdoor

4.3

Box is an online file sharing and cloud content management service offering unlimited storage, custom branding, and administrative controls.

Founded in 2005

Redwood City, California, USA

1,001-5,000 employees

http://www.box.com

H1B Sponsorship

Box has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Trends of Total Sponsorships

2023 (42)

2022 (88)

2021 (118)

2020 (109)