We have a unique opportunity to architect and design the Core services that power Box. We are transitioning to a platform architecture, built on services and APIs, and designing frameworks and architectural components to improve engineering productivity and enable our teams to build scalable and highly available services. Our frameworks and common components will help engineers rapidly test and build services, and provide seamless integration between other services, our caching layer and our distributed backend storage. The framework is also essential to build the platform API architecture (gateway, routing, batching, etc.).

This role will have a significant impact on the future of Box’s security architecture, as well as the future of many security products our Product Security & Identity team is responsible for.  This position has a wide scope – all the way from designing a new scalable security architecture to helping design and drive forward our key security features. We are looking for big thinkers and innovators to take on this problem space and deliver world class solutions. We are a passionate team that thinks big and is not afraid of challenging problems. If these challenges excite you, come join us.

Some of the Areas covered by the team:

• Federated identity management, authentication and authorization
• Anomalous behavior / account takeover detection and prevention
• Malware protection, Content Security Scanning, Content exfiltration prevention
• Secrets management

Responsibilities:

• You will collaborate with senior engineering leaders and engineers across organizations and disciplines to guide the end-to-end platform security architecture at Box.
• You will architect security, authentication and authorization frameworks, components and the necessary tooling to help other engineers build scalable, HA services.
• You will work with the engineers of the Product Security and Identity team on a number of the team’s areas
• You will provide product, process and architecture thought leadership and evangelize good security practices
• You’ll help us figure out effective tenant isolation, storage encryption, network segmentation

Qualifications:

• 12+ years of software development experience.
• Designed/implemented Identity & Access Management (IAM) solutions for identity management, identity federation and authenticating/authorizing access to system resources; Experience with identity-related industry standards (e.g. SCIM, Open ID Connect, SAML, JWT, OAUTH) and related technologies to manage identity in distributed, web-scale systems
• Experience designing an end-to-end platform security architecture to secure API call chains in a distributed, highly scalable, highly available multi data center system architecture accessible by 1st, 2nd and 3rd party API consumers
• Experience using security tokens for internal identity representation in a distributed service-oriented architecture
• Familiarity with architecture strategies to achieve high availability for identity management systems in a web-scale, multi data center architecture
• Experience designing application access control solutions using industry access control models (e.g. RBAC, ABAC) and supporting technologies to authorize access to complex user data; Familiarity with industry access control standards (e.g. XACML)
• Experience making tradeoffs between product velocity and overall security, as well as ability to line up the organization behind these

Bonus:

•  Experience in a fast paced, highly collaborative environment.
•  Demonstrated experience in a SaaS engineering environment.

Find out about our engineering team

•  Tech blog (http://tech.blog.box.com/)
• Open source projects (http://opensource.box.com/)
•  Developer Platform: https://developers.box.com/

Follow us at www.twitter.com/BoxEng and www.youtube.com/boxeng.