This job listing is archived

Staff Offensive Security Engineer


4 months ago

Job type: Full-time

Remote (USA Only)

Hiring from: USA Only

Category: DevOps / Sysadmin

Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal. 
By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 98,000 businesses, including 69% of the Fortune 500 who trust Box to manage their content in the cloud. 

Box is a recognized leader in the cloud security space. We understand that security is an ever-evolving landscape of vulnerabilities, new techniques, and best practices, so we're doubling down our efforts. We're in search for a staff offensive security engineer who thinks like an attacker, executes organized red team attacks against Box and our partners with Security, Product, IT and Engineering teams and help support fixing the issues identified.

Open to Austin, TX or US Remote
  • Plan and lead red team exercise operations against the corporation for the purpose of training incident response teams
  • Plan and lead purple teaming exercises in collaboration with Incident response teams.
  • Network and host penetration testing.
  • Develop tools and maintain red team's operational infrastructure.
  • Tracking and researching the latest attacks and how they might apply to our environments.
  • Document and present results to a variety of target audiences, ranging from highly technical engineers over to non-technical subject matter experts to senior leadership.
  • Develop the red team roadmap and drive the direction for the red team program as a whole 
  • Formal education in information security, including undergraduate, graduate, or training certifications (OSCP, OSCE, SANS, etc)
  • 5+ years of offensive security responsibilities
  • 2+ years of non-consulting offensive security responsibilities
  • 2+ years of experience in informations security, network security, systems security, IT or software engineering roles
  • Preferred Skills
    • Extensive offensive security knowledge and penetration testing experience in numerous areas including web applications, networks, and infrastructure (cloud and on-prem). 
    • Experience performing reconnaissance, exploitation and privilege escalation aimed at compromising networks/applications/individuals. 
    • Knowledge with common threat modeling approaches and enterprise attack surfaces. 
    • Comfortable scripting, writing tools and malware to automate repeatable tasks.
    • Previous experience in leading or managing offensive security engagements (red team/ethical hacking)
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
For details on how we protect your information when you apply, please see our Personnel Privacy Notice.

Before you apply, please check if any restrictions apply in terms of time zone or country.

This job has a geo-restriction in place: USA Only.

This job listing is archived

Please mention that you come from Remotive when applying for this job.

Does this job need an edit? 🙈

similar jobs

Remotive can help!

Not sure how to apply properly to this job? Watch our live webinar « 3 Mistakes to Avoid When Looking For A Remote Startup Job (And What To Do Instead) ».

Interested to chat with Remote workers? Join our community!