Senior Product Security Engineer

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams - People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more - provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
The Role
Offensive Security team emulates attackers to find vulnerabilities throughout Block, and inform remediation. We surface issues and offer technical expertise, without mandating deadlines. We don't throw security problems over the wall. We understand the struggle of our engineers and provide contextual guidance for a diverse, complex and cutting edge tech stack. We collaborate with our partners at every opportunity we can find and enable principled risk taking.
Block's Offensive Security Team is looking for a seasoned Senior Security Engineer. As a key leader on the team, you'll proactively identify critical areas to improve, leveraging your expertise to safeguard our systems and uphold customer trust. Your work will shape our security posture, keep us ahead of emerging threats, and secure the financial systems of tomorrow.
You Will

• Perform security assessments: Lead security design reviews, conduct penetration tests, source code reviews and improve security architecture.
• Create exploits for red team operations.
• Fix security issues: Commit small PRs to directly fix security issues.
• Lead security initiatives and strategy: Identify and drive critical security initiatives such as the GenAI security. Guide the technical direction of the team to ensure team's success.
• Mentor and lift: Mentor junior team members and lift the skills of the entire team.

You Have

• Penetration testing skills: You are an expert in penetration testing and have spent a decade or more honing your skills. You are fond of chaining bugs and creating real world exploits.
• Appsec and Cloudsec expertise: You have an extensive demonstrable expertise in appsec and cloudsec.
• Engineering skills: You are proficient in at least one programming language (Python, Java, Go, Ruby, Node,) and infrastructure as code. You don't hesitate to automate tasks, write tools and fix security vulns through code contributions.
• Leadership mindset: You assume responsibility for large projects while driving collaboration with multiple stakeholders. You are a known security expert and represent your team at technical forums and present at executive levels.

We're working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is an equal opportunity employer evaluating all employees and job applicants without regard to identity or any legally protected class. We will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances.
We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we're doing to build a workplace that is fair and square? Check out our I+D page .
While there is no specific deadline to apply for this role, U.S. roles are typically open for an average of 55 days before being filled by a successful candidate. Please refer to the date listed at the top of this job page for when this role was first posted.
Block takes a market-based approach to pay, and pay may vary depending on your location. U.S. locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate's starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
To find a location's zone designation, please refer to this resource . If a location of interest is not listed, please speak with a recruiter for additional information.
Zone A:
$217,800 - $326,800 USD
Zone B:
$207,000 - $310,400 USD
Zone C:
$196,100 - $294,100 USD
Zone D:
$185,200 - $277,800 USD
Every benefit we offer is designed with one goal: empowering you to do the best work of your career while building the life you want. Remote work, medical insurance, flexible time off, retirement savings plans, and modern family planning are just some of our offering. Check out our other benefits at Block.
Block, Inc. (NYSE: XYZ) builds technology to increase access to the global economy. Each of our brands unlocks different aspects of the economy for more people. Square makes commerce and financial services accessible to sellers. Cash App is the easy way to spend, send, and store money. Afterpay is transforming the way customers manage their spending over time. TIDAL is a music platform that empowers artists to thrive as entrepreneurs. Bitkey is a simple self-custody wallet built for bitcoin. Proto is a suite of bitcoin mining products and services. Together, we're helping build a financial system that is open to everyone.