WHY BOX NEEDS YOU Box is committed to protecting the security and privacy of our customers, employees, and partners. As a Security Incident Response Analyst, you will be at the center of that mission - detecting, investigating, and responding to security threats that could impact our platform and the organizations that trust us.
You will work alongside a collaborative, high-performing security team to build and mature our incident response capabilities, ensuring Box remains a trusted partner for enterprises around the world.
WHAT YOU'LL DO - Monitor security alerts and events across Box's environment using SIEM and other detection tools to identify potential threats and anomalies.
- Lead and coordinate the end-to-end response to security incidents, from initial triage through containment, eradication, and post-incident review.
- Conduct in-depth forensic analysis of endpoints, logs, and network traffic to determine the scope and root cause of security events.
- Develop and refine incident response playbooks, runbooks, and procedures to improve response speed and consistency.
- Collaborate with Engineering, Legal, and Compliance teams to ensure incidents are handled in accordance with regulatory requirements and internal policies.
- Identify trends and patterns in security data to proactively surface emerging threats and recommend improvements to detection and prevention capabilities.
- Contribute to threat intelligence programs by researching adversary tactics, techniques, and procedures (TTPs) relevant to Box's threat landscape.
- Participate in our on-call rotation, available at all times while on-call to help respond to and triage any issues that arise.
WHO YOU ARE We are an AI-first company. This means you approach your work with a growth mindset and find ways to leverage AI to help make faster, smarter decisions that will 10X your impact at Box.
- You have 3+ years of experience in security operations, incident response, or a related cybersecurity discipline.
- You have hands-on experience with SIEM platforms (e.g., Splunk, Chronicle, or similar) and endpoint detection and response (EDR) tools.
- You are proficient in log analysis, digital forensics, and network traffic analysis.
- You have a solid understanding of common attack frameworks such as MITRE ATT&CK and can apply them to real-world investigations.
- You communicate clearly and concisely - both in written incident reports and in cross-functional conversations with technical and non-technical stakeholders.
- You hold or are actively pursuing a relevant certification such as GCIH, GCFE, GCFA, CEH, or equivalent.
Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 3 days per week. Your Recruiter will share more about how we work and company culture during the hiring process.
At Box, we believe unique and diverse experiences benefit our culture, our products, our customers, our company, and our world. We aim to recruit a passionate, high-performing workforce that reflects the world we live in.If you are head-over-heels about this role but unsure if you meet all the requirements, we encourage you to apply!
Box is committed to fair and equitable compensation practices. Actual base salary is dependent upon factors such as: knowledge, skill level, experience, and work location. This role is also eligible for equity and benefits. For more information, check out our benefits and perks.
United States Pay Range
$78,500-$95,000 USD