Software Engineer III, Identity & Security Foundation

Box•Redwood City, CA

14h•Hybrid

About The Position

The Identity and Security Foundation (ISF) team serves as the gatekeeper of Box. Every request to access Box services must be authenticated through one of the systems we manage. We are responsible for all authentication flows at Box—including web, API, microservice-to-microservice, and SSO. Our team governs, architects, and builds the authentication infrastructure that underpins Box’s security. As Box evolves into an AI-powered content platform, ISF is at the forefront of securing the next generation of intelligent experiences. We are extending identity and access foundations to support AI services, ensuring secure interactions between users, applications, and AI agents while protecting customer data and enabling trustworthy AI adoption at scale. Whether it's scaling systems to handle billions of requests per day, developing new capabilities to deliver seamless security, reimagining passwords for a multi-device world, or building secure foundations for AI-driven workflows, we empower Box’s rapid growth. The modern, secure, and reliable services and frameworks we create are critical to realizing Box’s ambitious vision.

Requirements

3+ years of professional software engineering experience working primarily with Java or PHP in production environments.
Bachelor’s degree in Computer Science or related field—or equivalent practical experience—with strong fundamentals in software development concepts.
Solid understanding of modern authentication mechanisms like MFA, SSO, OAuth 2.0 flows, and JWT token management, including scope and permission enforcement.
Experience building RESTful APIs or microservices architectures with an emphasis on security best practices.
Comfortable collaborating across teams to translate requirements into technical designs that balance security needs with user experience.
You understand how to balance security concerns alongside system performance and usability without compromising quality.

Responsibilities

Design, develop, and maintain secure and scalable authentication and authorization systems using technologies like Java, PHP, Docker, and Kubernetes.
Build high-quality microservices focused on security features such as MFA, SSO, OAuth2.0, OIDC, JWT Auth, token management, scopes and permissions.
Collaborate closely with cross-functional teams including product managers and other engineers to deliver reliable solutions aligned with business needs.
Contribute to code reviews and help improve team best practices around security standards and software quality.
Troubleshoot production issues related to authentication services; implement fixes while balancing performance and usability.
Participate in architectural discussions by providing input based on hands-on experience with secure web service design.
Mentor junior engineers by sharing knowledge about secure coding patterns and system design principles.
Participate in our on-call rotation, available at all times while on-call to help respond to and triage any issues that arise.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume