Box Cybersecurity Engineer

Job Title: Box Cybersecurity Engineer

Location: Virtual

Other Consideration: U.S. Citizen (Required)

We are seeking a highly skilled and motivated Box Cybersecurity Engineer to join our cybersecurity team supporting the Department of Veterans Affairs (VA). This individual will play a critical role in maintaining the security posture of multiple Box Enterprise Cloud Content Collaboration environments, ensuring compliance with federal cybersecurity standards and frameworks.

Key Responsibilities:

• Serve as a cybersecurity subject matter expert (SME) for the VA’s five production Box Enterprise Cloud Content Collaboration Software-as-a-Service (SaaS) environments.
• Lead and manage system security lifecycle activities for Box SaaS solutions, with a deep understanding of SaaS security architectures and operational processes within the federal space.
• Apply expertise in the NIST Risk Management Framework (RMF) to manage security compliance and risk mitigation activities.
• Develop, submit, and maintain Assessment and Authorization (A&A) packages within VA’s GRC tool (eMASS- Enterprise Mission Assurance Support Service/SNOW Continuous Authorization and Monitoring) to support and sustain Authority to Operate (ATO) approvals.
• Act as System Steward within VA’s GRC tool, ensuring accurate documentation and continuous compliance tracking.
• Lead Continuous Monitoring (ConMon) activities to assess and respond to vulnerabilities, threats, and other security events across the Box environment.
• Coordinate with VA cybersecurity stakeholders, system owners, and vendors to ensure alignment with federal cybersecurity standards and VA security policies.
• Maintain awareness of evolving cybersecurity threats, Box platform updates, and federal compliance changes that may impact system security.

Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
• 5+ years of experience in cybersecurity, including federal information system security.
• Hands-on experience with NIST RMF, FedRAMP, FISMA, and related frameworks.
• Proven experience managing ATO packages and security artifacts in VA’s GRC tool (eMASS, SNOW Continuous Authorization and Monitoring).
• In-depth knowledge of SaaS platforms, particularly Box or similar cloud content collaboration tools.
• Strong understanding of ConMon, vulnerability management, and incident response.

Certification:

• Relevant certifications such as CISSP, CAP, CISM, or Security+

Transitioning military and/or Veterans with IT/IS, finance, and/or healthcare systems specialties are invited to apply. Sprezzatura is an equal opportunity employer and offers benefits including healthcare and paid vacation time.

WORK AUTHORIZATION

This role requires you to live within the United States.

Evidence of work authorization upon employment is required in compliance with the Immigration Reform and Control Act of 1986. Completion of USCIS form I-9 will be required to verify employment eligibility within 3 business days of the first day of employment.

AAP/EEO STATEMENT

Sprezzatura expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Sprezzatura ’s employees to perform their job duties may result in discipline up to and including discharge.

CLEARANCE REQUIREMENT

This position may require Public Trust clearance. Candidates must undergo a background investigation, including a review of employment history, education, criminal record, and financial history. The clearance process ensures that the candidate is reliable, trustworthy, and of good conduct and character. Employment offers are contingent upon successful passing a public trust clearance process.

COMPANY DESCRIPTION

Sprezzatura (www.sprezzmc.com) is a Washington, DC-area Service-Disabled Veteran-Owned Small Business (SDVOSB) that enables client success by supplying insight and leadership at the intersection of people, processes, and technology.