Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.
By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 97,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.
WHY BOX NEEDS YOU?
As Box continues to grow at an exponential rate, the pace of change that we are building into our platform could easily outpace the traditional ways that security organizations are setup. Security Engineering at Box is part of a new and more modern approach to security, covering the full spectrum of Build, Attack, and Defend and working closely with our engineering partners to incorporate security into the DNA of everything that we do.
As part of our team, you'll be securing an environment that processes hundreds of billions of events per week, ingests hundreds of terabytes of data per week, and handles tens of thousands of database queries per month.
We are looking for a seasoned data security engineer to join as a core and foundingmember of this new team and focus on solving complex Security Engineering challenges, challenges that will only grow as Box hits exabyte scale. This role will directly impact the experience of Boxâs 85 million users and Boxâs ability to scale profitably as we grow.
Are looking for an opportunity to be a foundingmember of a team taking a modern approach to security
Are excited by an opportunity to secure the Box platform against ongoing external threats
Are passionate about security challenges related to building and operating large enterprise production at scale
Love to get close to the technology
Enjoy mentoring and coaching
WHAT YOU'LL DO
Design and implement security capabilities covering key management, encryption, de-anonymization, data masking, tokenization, auditing and governance
Build authorization frameworks to provide fine grained and data centric access controls
Design and develop solutions to secure communication and data sharing in a globally distributed service
Provide security expertise and guidance on metadata management, data tagging, and security focused data analytics
Perform hands-on threat modeling, risk assessment, and data security validation
Design and develop mechanisms to provide safety and security for advanced database features like cloning, replication, data sharing, procedure execution
Lead security awareness and training with other engineering teams to foster a culture of security on every team
Support and grow a high performing organization that is building the services that stop attackers and help drive preventative measures throughout Box's systems and production environment
WHO YOU ARE
5+ years of experience designing and building data and storage systems at an enterprise scale
5+ years of industry experience developing and implementing fundamental security features and solutions with data and storage systems using their knowledge of industry standard security frameworks such as CIS, NIST, ISO, SOC2, etc.
Extremely strong fundamental computer science skills and experience working with MySQL, HBase, Hadoop, and Bigtable
Experience working within cloud security architecture (GCP/AWS)
Hands on experience with Cloud Access Security Broker (CASB), and Data Activity Monitoring
Excellent interpersonal skills, whether writing an email, explaining technical details to a colleague, or presenting to a room full of engineers, as well as broad experience engaging with the customers
Expertise in securing data using methods such as: encryption, IAM, secrets management
Experience hardening protectionsat the endpoint where access to services must be authenticated, authorized, and encrypted instead of solely relying on the protections at the network perimeter
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.