Box
Software Engineer III, Authentication & Security Engineering
Box, Redwood City, California, United States, 94061
Overview
Box (NYSE:BOX) is the leader in Intelligent Content Management. Our platform enables organizations to fuel collaboration, manage the entire content lifecycle, secure critical content, and transform business workflows with enterprise AI. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia. Our mission is to bring intelligence to the world of content management and empower our customers to transform workflows across their organizations.
WHY BOX NEEDS YOU
The Identity and Security Foundation (ISF) team serves as the gatekeeper of Box. Every request to access Box services must be authenticated through one of the systems we manage. We are responsible for all authentication flows at Box—including web, API, microservice-to-microservice, and SSO. Our team governs, architects, and builds the authentication infrastructure that underpins Box’s security. We empower Box’s rapid growth through modern, secure, and reliable services and frameworks.
WHAT YOU'LL DO
Design, develop, and maintain secure and scalable authentication and authorization systems using technologies like Java, PHP, Docker, and Kubernetes.
Build high-quality microservices focused on security features such as MFA, SSO, OAuth2.0, OIDC, JWT Auth, token management, scopes and permissions.
Collaborate closely with cross-functional teams including product managers and other engineers to deliver reliable solutions aligned with business needs.
Contribute to code reviews and help improve team best practices around security standards and software quality.
Troubleshoot production issues related to authentication services; implement fixes while balancing performance and usability.
Participate in architectural discussions by providing input based on hands-on experience with secure web service design.
Mentor junior engineers by sharing knowledge about secure coding patterns and system design principles.
Participate in our on-call rotation, and be available during on-call shifts to respond to and triage any issues that arise.
WHO YOU ARE We are an AI-first company. This means you approach your work with a growth mindset and find ways to leverage AI to help make faster, smarter decisions that will 10X your impact at Box.
Bachelor’s degree in Computer Science or related field—or equivalent practical experience—with strong fundamentals in software development concepts.
You have 3+ years of professional software engineering experience working primarily with Java or PHP in production environments.
Solid understanding of modern authentication mechanisms like MFA, SSO, OAuth 2.0 flows, and JWT token management, including scope and permission enforcement.
Experience building RESTful APIs or microservices architectures with an emphasis on security best practices.
Comfortable collaborating across teams to translate requirements into technical designs that balance security needs with user experience.
You understand how to balance security concerns alongside system performance and usability without compromising quality.
Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 3 days per week. Your Recruiter will share more about how we work and company culture during the hiring process.
EQUAL OPPORTUNITY We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, and any other protected ground of discrimination under applicable human rights legislation. Box strives to respect the dignity and independence of people with disabilities and is committed to giving them the same opportunity to succeed as all other employees. Inclusiveness is core to our culture at Box, and we strive to ensure you get the most from your interview experience. Box makes reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please complete this form.
Notice to applicants in Los Angeles: Box, Inc and its related branches will consider for employment, qualified applicants with criminal histories in a manner consistent with the Los Angeles Fair Chance Ordinance. The Fair Chance Ordinance is provided here.
Notice to applicants in San Francisco: Box, Inc and its related branches will consider for employment, qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. The Fair Chance Ordinance is provided here.
For details on how we protect your information when you apply, please see our Personnel Privacy Notice. If you are a California-resident, please read our California Applicant & Candidate Privacy Notice here.
#LI-DR1
#LI-Hybrid
Box is committed to fair and equitable compensation practices. Actual base salary (or OTE if commissionable role) is dependent upon factors such as knowledge, skill level, experience, and work location. This role is also eligible for equity and benefits. For more information on benefits, check out our healthcare benefits and additional Box Benefits + Perks.
#J-18808-Ljbffr
WHY BOX NEEDS YOU
The Identity and Security Foundation (ISF) team serves as the gatekeeper of Box. Every request to access Box services must be authenticated through one of the systems we manage. We are responsible for all authentication flows at Box—including web, API, microservice-to-microservice, and SSO. Our team governs, architects, and builds the authentication infrastructure that underpins Box’s security. We empower Box’s rapid growth through modern, secure, and reliable services and frameworks.
WHAT YOU'LL DO
Design, develop, and maintain secure and scalable authentication and authorization systems using technologies like Java, PHP, Docker, and Kubernetes.
Build high-quality microservices focused on security features such as MFA, SSO, OAuth2.0, OIDC, JWT Auth, token management, scopes and permissions.
Collaborate closely with cross-functional teams including product managers and other engineers to deliver reliable solutions aligned with business needs.
Contribute to code reviews and help improve team best practices around security standards and software quality.
Troubleshoot production issues related to authentication services; implement fixes while balancing performance and usability.
Participate in architectural discussions by providing input based on hands-on experience with secure web service design.
Mentor junior engineers by sharing knowledge about secure coding patterns and system design principles.
Participate in our on-call rotation, and be available during on-call shifts to respond to and triage any issues that arise.
WHO YOU ARE We are an AI-first company. This means you approach your work with a growth mindset and find ways to leverage AI to help make faster, smarter decisions that will 10X your impact at Box.
Bachelor’s degree in Computer Science or related field—or equivalent practical experience—with strong fundamentals in software development concepts.
You have 3+ years of professional software engineering experience working primarily with Java or PHP in production environments.
Solid understanding of modern authentication mechanisms like MFA, SSO, OAuth 2.0 flows, and JWT token management, including scope and permission enforcement.
Experience building RESTful APIs or microservices architectures with an emphasis on security best practices.
Comfortable collaborating across teams to translate requirements into technical designs that balance security needs with user experience.
You understand how to balance security concerns alongside system performance and usability without compromising quality.
Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 3 days per week. Your Recruiter will share more about how we work and company culture during the hiring process.
EQUAL OPPORTUNITY We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, and any other protected ground of discrimination under applicable human rights legislation. Box strives to respect the dignity and independence of people with disabilities and is committed to giving them the same opportunity to succeed as all other employees. Inclusiveness is core to our culture at Box, and we strive to ensure you get the most from your interview experience. Box makes reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please complete this form.
Notice to applicants in Los Angeles: Box, Inc and its related branches will consider for employment, qualified applicants with criminal histories in a manner consistent with the Los Angeles Fair Chance Ordinance. The Fair Chance Ordinance is provided here.
Notice to applicants in San Francisco: Box, Inc and its related branches will consider for employment, qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. The Fair Chance Ordinance is provided here.
For details on how we protect your information when you apply, please see our Personnel Privacy Notice. If you are a California-resident, please read our California Applicant & Candidate Privacy Notice here.
#LI-DR1
#LI-Hybrid
Box is committed to fair and equitable compensation practices. Actual base salary (or OTE if commissionable role) is dependent upon factors such as knowledge, skill level, experience, and work location. This role is also eligible for equity and benefits. For more information on benefits, check out our healthcare benefits and additional Box Benefits + Perks.
#J-18808-Ljbffr