Key skills
PythonGoAILLMAgenticAWSAzureGCPTerraformIAMSplunkSaaSCI/CDCommunicationCollaborationNetwork SecurityCloud SecurityZero Trust
About this role
Box is the leader in Intelligent Content Management, enabling organizations to fuel collaboration and manage content securely. They are seeking a Staff Enterprise Security Engineer to architect and scale security systems that protect Box’s corporate environment, focusing on identity, endpoint, network, and AI-enabled systems.
Responsibilities:
- Design, build, deploy, and maintain comprehensive security systems that protect Box's corporate infrastructure, workforce, and SaaS environments while driving the evolution of our security architecture toward a zero-trust, AI-enabled future
- Architect and implement cutting-edge security solutions across critical enterprise domains including endpoint protection, zero trust networking (ZTNA), identity and privileged access management, SaaS security, and AI-enabled systems
- Lead the transformation of Box's security architecture toward a fully realized zero-trust model, encompassing device trust frameworks, identity-centric access controls, and continuous verification mechanisms
- Design security controls that scale with Box's growth while maintaining operational efficiency and user experience
- Pioneer the adoption of AI-augmented security operations, including LLM-based investigative tooling and automated threat analysis
- Identify and implement opportunities to automate security workflows through scripting, infrastructure-as-code, and orchestration platforms
- Develop self-healing security systems that can detect, respond to, and remediate threats with minimal human intervention
- Lead comprehensive security architecture reviews and risk assessments for enterprise infrastructure changes, SaaS application integrations, and data protection initiatives
- Conduct threat modeling exercises for new technologies and business initiatives, ensuring security is embedded from inception
- Develop and maintain security standards and reference architectures that guide enterprise-wide technology decisions
- Create reusable security patterns and templates that accelerate secure deployment of new services
- Contribute to the strategic direction of Box's enterprise security architecture and long-term technology roadmap
- Partner closely with Incident Response, IT Operations, Infrastructure, and Engineering teams to mature Box's enterprise security function
- Build and maintain security telemetry, monitoring, and investigative tooling that enhances detection, containment, and response capabilities
- Foster a security-first culture across the organization through education, tooling, and collaborative problem-solving
- Mentor and coach junior engineers, sharing expertise in security architecture, threat modeling, and defensive strategies
- Help raise the technical bar across the team through code reviews, architectural discussions, and knowledge sharing
- Build a culture of continuous learning and innovation within the security engineering team
- This role is designed for a forward-thinking security engineer who can balance immediate operational needs with long-term strategic vision
Requirements:
- Bachelor's or Master's degree in computer science, information security or related field
- 8+ years of experience in corporate/enterprise security engineering (endpoint, network security, cloud security, SaaS security, identity, or a combination)
- Deep expertise in macOS security with solid knowledge of Windows and ChromeOS
- Hands-on experience deploying and operating at scale for a combination of below: Device trust and endpoint detection solutions (EDR/XDR), ZTNA/zero trust architectures, VPNs and hybrid/in-office deployments, Identity and access management (IAM/PAM/passwordless authentication), CASB/Secure web gateway, SSPM and DLP solutions
- Strong understanding of emerging security challenges: shadow IT, AI & Agentic identities, SaaS-to-SaaS integrations, browser security and data exfiltration paths
- Experience with security automation using Python, Go, or similar languages
- Proficiency with SIEM platforms (Splunk, Elastic, SumoLogic) for log analysis and rule creation
- Experience securing cloud-native and hybrid environments (AWS, GCP, Azure)
- Familiarity with IaC (Terraform), CI/CD pipelines, and DevSecOps practices
- Understanding of AI security risks and experience securing AI-centric deployments
- Exceptional communication skills with ability to translate complex security topics for all audiences
- Proven ability to work independently with high autonomy, manage ambiguity, and recommend secure but risk profiled decisions