Security Incident Response Analyst
Role details
Job location
Tech stack
Job description
By joining Box, you will have the unique opportunity to continue driving our platform forward. Content powers how we work. It's the billions of files and information flowing across teams, departments, and key business processes every single day: contracts, invoices, employee records, financials, product specs, marketing assets, and more. Our mission is to bring intelligence to the world of content management and empower our customers to completely transform workflows across their organizations. With the combination of AI and enterprise content, the opportunity has never been greater to transform how the world works together and at Box you will be on the front lines of this massive shift., Box is committed to protecting the security and privacy of our customers, employees, and partners. As a Security Incident Response Analyst, you will be at the center of that mission - detecting, investigating, and responding to security threats that could impact our platform and the organizations that trust us.
You will work alongside a collaborative, high-performing security team to build and mature our incident response capabilities, ensuring Box remains a trusted partner for enterprises around the world.
WHAT YOU'LL DO
- Monitor security alerts and events across Box's environment using SIEM and other detection tools to identify potential threats and anomalies.
- Lead and coordinate the end-to-end response to security incidents, from initial triage through containment, eradication, and post-incident review.
- Conduct in-depth forensic analysis of endpoints, logs, and network traffic to determine the scope and root cause of security events.
- Develop and refine incident response playbooks, runbooks, and procedures to improve response speed and consistency.
- Collaborate with Engineering, Legal, and Compliance teams to ensure incidents are handled in accordance with regulatory requirements and internal policies.
- Identify trends and patterns in security data to proactively surface emerging threats and recommend improvements to detection and prevention capabilities.
- Contribute to threat intelligence programs by researching adversary tactics, techniques, and procedures (TTPs) relevant to Box's threat landscape.
- Participate in our on-call rotation, available at all times while on-call to help respond to and triage any issues that arise.
Requirements
- You have 3+ years of experience in security operations, incident response, or a related cybersecurity discipline.
- You have hands-on experience with SIEM platforms (e.g., Splunk, Chronicle, or similar) and endpoint detection and response (EDR) tools.
- You are proficient in log analysis, digital forensics, and network traffic analysis.
- You have a solid understanding of common attack frameworks such as MITRE ATT&CK and can apply them to real-world investigations.
- You communicate clearly and concisely - both in written incident reports and in cross-functional conversations with technical and non-technical stakeholders.
- You hold or are actively pursuing a relevant certification such as GCIH, GCFE, GCFA, CEH, or equivalent.
Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 3 days per week. Your Recruiter will share more about how we work and company culture during the hiring process.
Benefits & conditions
3.83.8 out of 5 stars Los Angeles, CA Remote $78,500 - $95,000 a year