Senior Security Engineer (Product and Platform Security) at Box

Warsaw, Masovian Voivodeship, Poland

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Technology, Content Management, Enterprise SoftwareIndustries

Requirements

Strong software development skills in one or more languages (e.g., Python, Go, Java, or TypeScript) and a track record of building production systems
Hands-on background in security engineering or DevSecOps—integrating security controls into CI/CD, automating assessments, and improving developer workflows
Practical experience with supply chain security concepts and tools (e.g., SLSA, Sigstore, SBOM, artifact signing, provenance, dependency hygiene)
Familiarity with application security techniques such as fuzzing, dynamic/static analysis
Approach work with a growth mindset and leverage AI to make faster, smarter decisions

Responsibilities

Design, build, and operate security automation for the SDLC (e.g., code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD
Develop and maintain software supply chain protections, including SBOM generation/verification, artifact signing/attestation, and provenance enforcement
Create programmable “security agents” and backend services that continuously test, fuzz, and validate product and platform components
Partner with product and platform engineering to embed security-by-design patterns, drive threat modeling, and land pragmatic guardrails that unblock developers
Deliver an MVP within your first quarter in an agreed focus area (e.g., supply chain, fuzzing framework, or SDLC agent), then iterate based on measurable outcomes
Use data and telemetry to measure control effectiveness; build dashboards and alerts that turn signals into action
Contribute to and/or lead open source efforts that advance our security posture and the broader community
Document designs, runbooks, and APIs; mentor engineers and champion secure engineering practices

Skills

Key technologies and capabilities for this role

Security EngineeringSoftware Supply Chain SecuritySDLCCI/CDInfrastructure SecurityAutomationAICode SecurityRisk DetectionRemediation

Questions & Answers

Common questions about this position

What is the location for this Senior Security Engineer role?

The role is part of the Product & Platform Security Engineering team growing in Warsaw.

What salary or compensation does this position offer?

This information is not specified in the job description.

What are the key responsibilities for this Senior Security Engineer role?

Key responsibilities include designing and operating security automation for SDLC like code scanning and secrets detection, developing software supply chain protections such as SBOM generation, creating security agents for testing and validation, partnering with engineering teams on security-by-design, delivering an MVP in the first quarter, and using data for measuring effectiveness.

What is the company culture like at Box for this team?

This is a high-impact role with visibility, ownership, and the opportunity to shape Box’s next generation of security engineering, emphasizing collaboration to power how the world works together.

What makes a strong candidate for this Senior Security Engineer position?

Strong candidates should have hands-on experience across code, infrastructure, and CI/CD, with the ability to design secure-by-default tooling, deliver an MVP quickly, and leverage AI and data for security outcomes.

Box

Cloud-based content management and collaboration solutions

About Box

Box provides cloud-based content management and collaboration solutions that enable businesses to securely manage, share, and collaborate on their content. The platform offers features such as secure file storage, sharing, and collaboration tools, along with advanced functionalities like Box AI for Notes and Box AI for Documents, which utilize artificial intelligence to enhance productivity by providing instant answers and content creation capabilities. Unlike many competitors, Box focuses on a subscription-based model that allows clients to choose tailored pricing plans based on their specific needs, ensuring a good return on investment. The company's goal is to transform how people work together by offering a simple, secure, and efficient way to manage content in the cloud, while fostering a customer-centric approach and encouraging diverse ideas within its workforce.

Redwood City, CaliforniaHeadquarters

2005Year Founded

$548.7MTotal Funding

IPOCompany Stage

Enterprise Software, AI & Machine LearningIndustries

1,001-5,000Employees

Benefits

Health and Wellness

Family Support

Generous Time Off

Financial Benefits

Community

Evolving Workplace

Risks

Box faces strong competition from Amazon, Alphabet, and Microsoft.

Economic downturns may lead to reduced subscription revenue for Box.

AI integration may face data privacy and regulatory compliance challenges.

Differentiation

Box integrates AI to enhance content management and collaboration capabilities.

Box offers tailored solutions for diverse industries, including legal and government sectors.

Box's global presence, especially in APAC, strengthens its market position.

Upsides

Box's AI integration with Microsoft 365 Copilot enhances user experience and data management.

Box's collaboration with Bubo Defense expands its AI capabilities and partnerships.

Box Hubs streamlines enterprise content management with advanced AI technologies.

Land your dream remote job 3x faster with AI

Try Jobo Free