Application Security Tooling Engineer
Box · Posted: August 25, 2023 · Onsite
About the position
Box is seeking an engineer who specializes in onboarding and optimizing security scanning tools. The ideal candidate will have experience with dynamic, static, and open source application security testing, as well as API and container security scanning. They will be responsible for enhancing and automating the testing process, reducing false positives, and developing strategies for vulnerability verification. This role requires a strong understanding of secure engineering practices and the ability to communicate effectively with both technical and non-technical stakeholders.
Responsibilities
- Own and propose data-driven enhancement strategies for dynamic (DAST), static (SAST), open source application security testing (SCA), API security scanning, and container security scanning
- Troubleshoot and continuously improve security scanning tools
- Provide thought leadership in security tool automation, optimization, application vulnerability management, and strategies for automated risk reduction
- Create architecture designs for tool integrations and implement tooling within the CI/CD pipeline
- Develop strategies to automate software security vulnerability verification throughout the development process
- Build security scanning tools to automate the discovery of vulnerabilities not available in existing tooling
- Analyze designs and implementation of security controls in Automated DevOps environments and pipelines
- Understand secure engineering best practices, articulate problem statements, and propose solutions
- Have a growth mindset and focus on continuous functional improvements
- Bring curiosity to problem statements and provide clear solutions
Requirements
- Experience in onboarding and optimizing SAST, DAST, and SCA tools
- Familiarity with automated scanning methodologies and ability to build scanning tools
- Ability to onboard, optimize, and automate testing solutions for security vulnerabilities
- Proficiency in optimizing output from security scanning tools to reduce false positives
- Knowledge of data-driven enhancement strategies for dynamic, static, open source application security testing, API security scanning, and container security scanning
- Thought leadership in security tool automation, optimization, and application vulnerability management
- Experience in creating architecture designs for tool integrations and implementing tooling within the CI/CD pipeline
- Ability to automate software security vulnerability verification throughout the development process
- Proficiency in building security scanning tools to automate discovery of vulnerabilities
- Understanding of security controls in Automated DevOps environments and pipelines
- Strong understanding of secure engineering best practices
- Ability to articulate problem statements and propose solutions to both technical and non-technical audiences
- Passion for secure software development and building high-quality applications and services
- Growth mindset and focus on continuous functional improvements
- Curiosity and ability to analyze problem statements clearly
Benefits
- Opportunity to work with a market leader in Cloud Content Management
- Chance to contribute to the digital transformation of enterprise organizations
- Single platform for secure content management, collaboration, and workflow
- Trusted by 69% of Fortune 500 companies
- Ownership and proposal of data-driven enhancement strategies
- Thought leadership in security tool automation and application vulnerability management
- Architecture design and implementation within the CI/CD pipeline
- Automation of software security vulnerability verification
- Opportunity to build security scanning tools
- Analysis of security controls in Automated DevOps environments and pipelines
- Opportunity to work with a passionate and growth-minded team
- Exposure to cyber security through conferences, webinars, and personal projects
- Strong understanding of past, current, and emerging security exploits
- Equal opportunity employer that values diversity and does not discriminate