Requirements: English
Company: Box Poland sp. z o.o.
Region: Warsaw , Masovian Voivodeship
technologies-expected :
about-project :
- We are seeking a highly skilled and visionary Staff Security Engineer to lead the security strategy and implementation for Generative AI and Agentic AI technologies within Box''s platform. You will be instrumental in designing, developing, and operationalizing security controls that address the novel risks introduced by autonomous AI agents and generative models. Additionally, you will drive strategic initiatives to leverage LLMs to enhance our secure development lifecycle. Your work will ensure that Box remains a trusted leader in AI-powered content management by embedding security-by-design principles into all AI features and tooling.
- **Our compensation structure is the base salary and equity in the form of restricted stock units.
responsibilities :
- Lead the design and implementation of security architectures specifically tailored for Generative AI and Agentic AI systems, including agentic identity models, least privilege access, runtime guardrails, and audit logging.
- Develop threat modeling approaches adapted for dynamic, non-deterministic AI agent behaviors, identifying autonomy-related risks such as prompt injection, tool misuse, agent impersonation, and multi-agent system attacks.
- Build and integrate advanced security tooling and automation to detect, prevent, and respond to AI-specific vulnerabilities across the development lifecycle, including adversarial testing frameworks for AI agents.
- Spearhead the strategy for integrating LLMs into the secure development lifecycle, including code review automation, vulnerability detection, and security documentation generation.
- Design and implement AI-powered security tools that can analyze code, identify potential vulnerabilities, and recommend secure coding patterns at scale.
- Lead proof-of-concept initiatives to demonstrate how generative AI can improve security posture through automated threat modeling, security testing, and developer education.
- Collaborate closely with product, engineering, and compliance teams to embed secure-by-default configurations and user consent checkpoints for sensitive AI actions involving PII, PHI, or critical business decisions.
- Drive continuous improvement of AI security posture by researching emerging attack vectors like model poisoning, untrusted code execution, and supply chain risks related to open-source AI frameworks.
- Mentor and guide other engineers on secure AI development practices and contribute to organizational knowledge sharing around AI risk mitigation strategies.
requirements-expected :
- Experienced security engineer with 5+ years in application security, DevSecOps, or security tooling, ideally with exposure to AI/ML security challenges.
- Deep understanding of AI agent architectures, generative AI models, and associated security risks such as prompt injection, adversarial attacks, and autonomous decision-making vulnerabilities.
- Proven track record implementing security tools and automation (SAST, DAST, SCA, API security scanning) integrated into CI/CD pipelines at scale.
- Experience with or strong interest in applying LLMs to security use cases, such as code analysis, vulnerability detection, or security documentation.
- Demonstrated ability to translate security requirements into practical AI applications that enhance the secure development lifecycle.
- Skilled in threat modeling methodologies and able to adapt traditional frameworks to dynamic AI systems.
- Proficient in at least one scripting language (e.g. Python) and familiar with multiple programming languages, cloud-native environments and container security.
- Strong communicator capable of articulating complex AI security concepts to both technical and non-technical stakeholders.
- Passionate about cybersecurity innovation, with active participation in security communities, conferences, CTFs, bug bounty programs, or CVE submissions preferred.
- Growth mindset with a proactive approach to learning and problem-solving in fast-evolving technology landscapes.
benefits :
- sharing the costs of sports activities
- private medical care
- life insurance
- remote work opportunities
- flexible working time
- integration events
- dental care
- retirement pension plan
- corporate library
- no dress code
- video games at work
- coffee / tea
- drinks
- leisure zone
- holiday funds
- employee referral program
- charity initiatives
- family picnics
- extra leave
- lunch vouchers