Remote Senior Application Security Engineer

Summary

Join Box as a Senior Application Security Engineer to proactively find security gaps and partner with development teams to close those gaps quickly. You will own the end-to-end secure development requirements, discovery of vulnerabilities through PenTesting and identifying remediation tactics specific to the product tech stack.

Requirements

• 5+ years of experience with creating secure coding requirements, conducting threat models and pen testing software end-to-end
• Passionate about working with developers to help them develop code securely
• Expert in determining the severity of a vulnerability and their impact to the business
• Expert with common security testing methodologies, including fuzz testing and using tools like Burp Suite
• Experience with the process of developing, building, and shipping secure code
• Understand secure engineering best practices, can articulate problem statements and propose solutions to both technically savvy and non-technical audiences
• Experience with multiple languages such as Java, React, Node JS, PHP, Scala, C and/or Python to perform secure code reviews
• Understand how to detect and prioritize Front End, API's, Microservices and Container vulnerabilities
• You have a passion for cyber security demonstrated through participation/leadership in webinars, Capture the Flag (CTF), TryHackMe, Hack The Box, Bug Bounty Programs, submission of CVEs and/or personal security projects
• Strong understanding of past, current, and emerging security exploits and the TTPs (tactics, techniques, and procedures) threat actor groups leverage
• Ability to communicate and report to various levels of technical and non-technical stakeholders

Responsibilities

• Conduct product/feature level Design Reviews, Code Reviews, Threat Modeling, Penetration Testing and Conducing Vulnerability Risk Analysis
• Lead manual security reviews and create secure coding requirements
• Discover vulnerabilities through web and mobile penetration testing
• Evaluate products for how a threat actor could leverage user-facing flows for malicious activity
• Deliver reports on completed tests and document technical issues identified during the assessments
• Collaborate with Product, Engineering and broader security teams to provide recommendations for solutions focused on decreasing business risks
• Support the Bug Bounty/VDP program through triaging submissions and proposing remediations
• Identify and maintain standards and procedures around the use of open source software

Benefits

• Healthcare benefits
• Additional Box Benefits + Perks