Software Engineer III, Identity & Security Foundation

Box•Redwood City, CA

3h•Onsite

About The Position

Box (NYSE:BOX) is the leader in Intelligent Content Management. Our platform enables organizations to fuel collaboration, manage the entire content lifecycle, secure critical content, and transform business workflows with enterprise AI. We help companies thrive in the new AI-first era of business. Founded in 2005, Box simplifies work for leading global organizations, including AstraZeneca, JLL, Morgan Stanley, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia. By joining Box, you will have the unique opportunity to continue driving our platform forward. Content powers how we work. It’s the billions of files and information flowing across teams, departments, and key business processes every single day: contracts, invoices, employee records, financials, product specs, marketing assets, and more. Our mission is to bring intelligence to the world of content management and empower our customers to completely transform workflows across their organizations. With the combination of AI and enterprise content, the opportunity has never been greater to transform how the world works together and at Box you will be on the front lines of this massive shift. The Identity and Security Foundation (ISF) team serves as the gatekeeper of Box. Every request to access Box services must be authenticated through one of the systems we manage. We are responsible for all authentication flows at Box—including web, API, microservice-to-microservice, and SSO. Our team governs, architects, and builds the authentication infrastructure that underpins Box’s security. As Box evolves into an AI-powered content platform, ISF is at the forefront of securing the next generation of intelligent experiences. We are extending identity and access foundations to support AI services, ensuring secure interactions between users, applications, and AI agents while protecting customer data and enabling trustworthy AI adoption at scale. Whether it's scaling systems to handle billions of requests per day, developing new capabilities to deliver seamless security, reimagining passwords for a multi-device world, or building secure foundations for AI-driven workflows, we empower Box’s rapid growth. The modern, secure, and reliable services and frameworks we create are critical to realizing Box’s ambitious vision.

Requirements

3+ years of professional software engineering experience working primarily with Java or PHP in production environments.
Bachelor’s degree in Computer Science or related field—or equivalent practical experience—with strong fundamentals in software development concepts.
Solid understanding of modern authentication mechanisms like MFA, SSO, OAuth 2.0 flows, and JWT token management, including scope and permission enforcement.
Experience building RESTful APIs or microservices architectures with an emphasis on security best practices.
Comfortable collaborating across teams to translate requirements into technical designs that balance security needs with user experience.
You understand how to balance security concerns alongside system performance and usability without compromising quality.
Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 3 days per week, with a focus on Tuesdays, Wednesdays and Thursdays. Your Recruiter will share more about how we work and company culture during the hiring process.
At Box, we believe unique and diverse experiences benefit our culture, our products, our customers, our company, and our world. We aim to recruit a passionate, high-performing workforce that reflects the world we live in. If you are head-over-heels about this role but unsure if you meet all the requirements, we encourage you to apply!

Responsibilities

Design, develop, and maintain secure and scalable authentication and authorization systems using technologies like Java, PHP, Docker, and Kubernetes.
Build high-quality microservices focused on security features such as MFA, SSO, OAuth2.0, OIDC, JWT Auth, token management, scopes and permissions.
Collaborate closely with cross-functional teams including product managers and other engineers to deliver reliable solutions aligned with business needs.
Contribute to code reviews and help improve team best practices around security standards and software quality.
Troubleshoot production issues related to authentication services; implement fixes while balancing performance and usability.
Participate in architectural discussions by providing input based on hands-on experience with secure web service design.
Mentor junior engineers by sharing knowledge about secure coding patterns and system design principles.
Participate in our on-call rotation, available at all times while on-call to help respond to and triage any issues that arise.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume