Box Incorporated - State College, PA

posted about 1 month ago

Full-time - Senior
State College, PA
10,001+ employees
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

Box is seeking a Senior Application Security Engineer to proactively identify security gaps and collaborate with development teams to enhance security measures. This role involves conducting security assessments, including design reviews, code reviews, and penetration testing, to ensure secure development practices are followed across the organization.

Responsibilities

  • Conduct product/feature level Design Reviews, Code Reviews, Threat Modeling, and Penetration Testing.
  • Lead manual security reviews and create secure coding requirements.
  • Discover vulnerabilities through web and mobile penetration testing.
  • Evaluate products for potential malicious activities by threat actors.
  • Deliver reports on completed tests and document technical issues identified during assessments.
  • Collaborate with Product, Engineering, and broader security teams to provide recommendations for solutions focused on decreasing business risks.
  • Support the Bug Bounty/VDP program through triaging submissions and proposing remediations.
  • Identify and maintain standards and procedures around the use of open source software.

Requirements

  • 5+ years of experience with creating secure coding requirements, conducting threat models, and pen testing software end-to-end.
  • Expert in determining the severity of a vulnerability and its impact on the business.
  • Expert with common security testing methodologies, including fuzz testing and using tools like Burp Suite.
  • Experience with the process of developing, building, and shipping secure code.
  • Understanding of secure engineering best practices and ability to articulate problem statements and propose solutions to both technical and non-technical audiences.
  • Experience with multiple programming languages such as Java, React, Node.js, PHP, Scala, C, and/or Python for secure code reviews.
  • Ability to detect and prioritize Front End, API, Microservices, and Container vulnerabilities.
  • Strong understanding of past, current, and emerging security exploits and the TTPs (tactics, techniques, and procedures) used by threat actor groups.
  • Ability to communicate and report to various levels of technical and non-technical stakeholders.

Nice-to-haves

  • Participation/leadership in webinars, Capture the Flag (CTF), TryHackMe, Hack The Box, Bug Bounty Programs, submission of CVEs, and/or personal security projects.

Benefits

  • Equity and benefits package
  • Healthcare benefits
  • Flexible work hours
  • Diversity and inclusion initiatives
  • Reasonable accommodations for applicants with disabilities