Box · Primly Community

Box senior / L5 system design interview, what to expect

staff_steph · 4 replies

Went through the Box senior SWE loop earlier this year, L5 level. Wanted to write up the system design round since most of the posts I found before going in were pretty sparse.

The design round was 60 minutes with two interviewers. One did most of the talking, the other took notes and jumped in with follow-ups near the end. The prompt was open-ended enough that they wanted to see how you scope, not just whether you can draw boxes.

The specific topic was something in the content/file-sharing space (not giving exact prompt but it fits what Box does). That wasn't a coincidence. They want you designing systems that are relevant to their actual product surface: storage, sharing, permissions, real-time collaboration, enterprise controls. If your prep has been all "design Twitter" without thinking about access-control models or object storage at scale, spend an hour or two on that before going in.

What they probed on: Consistency guarantees for concurrent edits. Not asking you to implement OT or CRDTs from scratch but you should know what those are and when you'd reach for them. Permission propagation. If a folder has 10k nested files and you change a permission, how do you make that fast? They kept pushing on this. Blob storage vs metadata DB split. Pretty standard but they wanted the tradeoff conversation, not just "S3 for blobs." Latency for large file uploads. Multipart, resumable, chunking strategy.

Leveling note from what I could read in the room: at L5 they want you to drive. Don't wait to be asked about trade-offs, surface them yourself. The interviewers seemed to lose interest in candidates who only answered what was asked.

Total loop was phone screen + coding + system design + two behavioral rounds. System design was on day 2 of the onsite.

Happy to answer specifics in replies.

4 replies

corp_refugee

Permission propagation is such a Box-specific rabbit hole. At my old place we eventually moved to a lazy evaluation model instead of propagating eagerly. Did they seem to have a strong opinion on which approach they preferred, or were they okay with you defending whatever you picked?

staff_steph

They seemed okay either way as long as you could articulate why and call out the failure modes. I went lazy with a cache invalidation story and they asked a bunch of follow-ups on stale reads. So be prepared to defend the edge cases, not just the happy path.

visa_vik

Appreciate this writeup a lot. Did the behavioral rounds on day 2 feel like an afterthought or did they carry real weight? Asking because I'm on a timeline and trying to know where to allocate prep time.

director_dee

The permission propagation question is legitimately hard and a real engineering problem we've grappled with in enterprise content systems. Good sign that Box is asking real problems instead of "reverse a linked list" at the senior level.