Senior Application Security Engineer

January 20

Box Inc Deutschland

WebsiteLinkedInAll Job Openings

Der clevere Karton-Marktplatz

Packaging • Price Comparison • Corrugated Packaging

11 - 50

Description

• Conduct product/feature level Design Reviews, Code Reviews, Threat Modeling, Penetration Testing and Conducing Vulnerability Risk Analysis • Lead manual security reviews and create secure coding requirements • Discover vulnerabilities through web and mobile penetration testing • Evaluate products for how a threat actor could leverage user-facing flows for malicious activity • Deliver reports on completed tests and document technical issues identified during the assessments • Collaborate with Product, Engineering and broader security teams to provide recommendations for solutions focused on decreasing business risks • Support the Bug Bounty/VDP program through triaging submissions and proposing remediations • Identify and maintain standards and procedures around the use of open source software

Requirements

• 5+ years of experience with creating secure coding requirements, conducting threat models and pen testing software end-to-end • Passionate about working with developers to help them develop code securely • Expert in determining the severity of a vulnerability and their impact to the business • Expert with common security testing methodologies, including fuzz testing and using tools like Burp Suite • Experience with the process of developing, building, and shipping secure code • Understand secure engineering best practices, can articulate problem statements and propose solutions to both technically savvy and non-technical audiences • Experience with multiple languages such as Java, React, Node JS, PHP, Scala, C and/or Python to perform secure code reviews • Understand how to detect and prioritize Front End, API's, Microservices and Container vulnerabilities • A passion for cyber security demonstrated through participation/leadership in webinars, Capture the Flag (CTF), TryHackMe, Hack The Box, Bug Bounty Programs, submission of CVEs and/or personal security projects • Strong understanding of past, current, and emerging security exploits and the TTPs (tactics, techniques, and procedures) threat actor groups leverage • Ability to communicate and report to various levels of technical and non technical stakeholders

Benefits

• Competitive salary • Equity • Healthcare benefits • Additional Box Benefits + Perks