Staff Security Engineer

Box (NYSE : BOX) is the leader in Intelligent Content Management. Our platform enables organizations to fuel collaboration, manage the entire content lifecycle, secure critical content, and transform business workflows with enterprise AI. We help companies thrive in the new AI-first era of business. Founded in 2005, Box simplifies work for leading global organizations, including AstraZeneca, JLL, Morgan Stanley, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia.

By joining Box, you will have the unique opportunity to continue driving our platform forward. Content powers how we work. It’s the billions of files and information flowing across teams, departments, and key business processes every single day : contracts, invoices, employee records, financials, product specs, marketing assets, and more. Our mission is to bring intelligence to the world of content management and empower our customers to completely transform workflows across their organizations. With the combination of AI and enterprise content, the opportunity has never been greater to transform how the world works together and at Box you will be on the front lines of this massive shift.

Why Box needs you :

We are seeking a highly skilled and visionary Staff Security Engineer to lead the security strategy and implementation for Generative AI and Agentic AI technologies within Box's platform. You will be instrumental in designing, developing, and operationalizing security controls that address the novel risks introduced by autonomous AI agents and generative models. Additionally, you will drive strategic initiatives to leverage LLMs to enhance our secure development lifecycle. Your work will ensure that Box remains a trusted leader in AI-powered content management by embedding security-by-design principles into all AI features and tooling.

What you'll do :

• Lead the design and implementation of security architectures specifically tailored for Generative AI and Agentic AI systems, including agentic identity models, least privilege access, runtime guardrails, and audit logging.
• Develop threat modeling approaches adapted for dynamic, non-deterministic AI agent behaviors, identifying autonomy-related risks such as prompt injection, tool misuse, agent impersonation, and multi-agent system attacks.
• Build and integrate advanced security tooling and automation to detect, prevent, and respond to AI-specific vulnerabilities across the development lifecycle, including adversarial testing frameworks for AI agents.
• Spearhead the strategy for integrating LLMs into the secure development lifecycle, including code review automation, vulnerability detection, and security documentation generation.
• Design and implement AI-powered security tools that can analyze code, identify potential vulnerabilities, and recommend secure coding patterns at scale.
• Lead proof-of-concept initiatives to demonstrate how generative AI can improve security posture through automated threat modeling, security testing, and developer education.
• Collaborate closely with product, engineering, and compliance teams to embed secure-by-default configurations and user consent checkpoints for sensitive AI actions involving PII, PHI, or critical business decisions.
• Drive continuous improvement of AI security posture by researching emerging attack vectors like model poisoning, untrusted code execution, and supply chain risks related to open-source AI frameworks.
• Mentor and guide other engineers on secure AI development practices and contribute to organizational knowledge sharing around AI risk mitigation strategies.

Who you are :

Experience working with Security Architecture patterns and context-aware access control mechanisms.

Percentage of Time Spent :

40% building the AI Security program

30-40% leading a strategy for building capabilities of generative AI

20-30% partnership with the Engineering Teams

Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 2 days per week, with a focus on Tuesdays and Thursdays. Your Recruiter will share more about how we work and company culture during the hiring process.

EQUAL OPPORTUNITY

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, and any other protected ground of discrimination under applicable human rights legislation.

Accepted file types : pdf, doc, docx, txt, rtf

Enter manually

Accepted file types : pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

How did you hear about this job?

Do you now, or will you in the future, require sponsorship for employment visa status (e.g., H-1B visa status, etc.) to work legally for Box in Poland?

In what City, State / Province, Country and Zip Code are you currently residing?

Have you ever been employed at Box, including working as a contractor, intern, grad, or full-time employee?

By checking this box, I agree to allow Box to store and process my data for the purpose of considering my eligibility regarding my current application for employment.

#J-18808-Ljbffr