Lead AppSec and Cloud Security Engineer - Boxed
New York City, New York, United States

Listing Description

Unpack your Potential at Boxed!


Boxed is made up of a vibrant and fun group of engineers, designers, marketers, salespeople, and operations specialists... just to name a few! We work with passion for driving superior value and experience to our customers. Our customers choose to buy from Boxed because we save them time and money, which in turn makes their lives easier. That’s where you come in!


 


We're seeking an experienced Lead AppSec and Cloud Security Engineer to join our technology operations and security team and take ownership and responsibility for the management and monitoring of all Cloud-specific Security initiatives as well as overall technology security preparation and resilience. This role will report to the Head of Information Security. 


You will...



  • Design and develop Google Cloud-specific security policies, standards and procedures

  • Implement and manage automation of application vulnerability assessments

  • Conduct application threat modeling and security assessments including penetration testing of web and mobile applications (iOS and Android)

  • Support secure application development practices and a secure development mentality

  • Identify, communicate, and provide targeted remediation of vulnerabilities

  • Develop and update security patterns aligned with security requirements

  • Identify application security requirements for projects

  • Coordinate and collaborate with multiple teams to ensure the confidentiality, integrity, and availability of assets in a way that meets business needs

  • Perform other security-related projects that may be assigned according to skills

  • Be responsible for DevSecOps - integrating security into CI/CD pipelines

  • Be responsible for automation of security controls and standards.


Requirements:



  • Familiarity with Jenkins based CI/CD Pipelines

  • Familiarity with Google Cloud Policy, Configuration, and Security Management tools

  • Working experience implementing and testing automation scripts and setups

  • Familiar with integrating security tools and providing vulnerability assessments

  • Leveraging tools such as Burp Suite Enterprise, Snyk, Lacework, Wiz, OWASP ZAP

  • Understanding of OWASP Top 10 and SANS Top 25 vulnerabilities and how to remediate

  • Working knowledge of using APIs to interact with web services provided by tools

  • Conduct tool evaluations and build proof of concepts

  • Integrate with reporting tools to provide a consolidated view

  • Ability to turn technical standards into working practice

  • Assist in driving consistency and standardization of DevSecOps services across the enterprise

  • Strong automation and IaC skills (Terraform)

  • Contribute to security and compliance audits including PCI, ISO-27001, and SOC2

  • Experience using a Log Aggregation Platform

  • Maintain documentation and user guides

  • Knowledge of security within cloud environments, especially around networking, security and administration

  • A motivated and flexible approach to work in an adaptive, fast-moving Agile environment

  • Can demonstrate a strong performance ethos and personal commitment to outstanding customer service

  • Ability to interface with both technical and non-technical teams

  • Willingness to train and up-skill on a continuous basis

  • Excellent communication, time management and organizational skills.


Benefits & Perks:



  • Working with smart and innovation-focused people, within a collegial and collaborative culture

  • Competitive salary

  • Stock options

  • Unlimited vacation

  • Full healthcare benefits 

  • 6-month paid maternity/paternity leave.


 


All about these Boxed Boxes!


Boxed was launched in our CEO’s garage in 2013 by our four founders; an eclectic group of experienced tech pioneers. They had a simple idea: to make shopping for bulk-sized products easy, convenient and fun. Today, we deliver a first class e-commerce experience for everyday essentials across the country.


We’re a publicly listed company that places technology and innovation at the heart of all that we do. Our technology platform and automated, state-of-the-art fulfillment centers make headlines and our systems utilize machine learning, predictive analytics and other technologies to ensure a delightful B2C and B2B online shopping experience.  While technology is at the core of what we do, providing a personalized, thoughtful and seamless shopping experience is at the core of who we are. We value each and every customer and every single order receives a hand-written thank you note.


Currently, all corporate employees are working remotely from home until it is deemed safe to return to our offices by local and state health officials. We have offices located in New York City (NY) and San Mateo (CA), and three fulfillment centers in New Jersey, Nevada and Texas. Fully remote candidates will be considered for certain categories of roles.


 


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


