Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams - People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more - provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
The Role
Protect the Future of Finance:
Join Block's Offensive Security Team as a Senior Security Engineer, driving impactful security initiatives across teams and organizational boundaries. You'll identify critical areas to improve, applying your expertise to safeguard our systems and uphold customer trust. Your work will shape our security posture, keep us ahead of emerging threats, and secure the financial systems of tomorrow.
About the team:
Offensive Security & Design team emulates attackers to find vulnerabilities throughout Block, and inform remediation. We surface issues and offer technical expertise, without mandating deadlines. We don't throw security problems over the wall. We understand the struggle of our engineers and provide contextual guidance for a diverse, complex and cutting edge tech stack that enables the business. We don't work in isolation, engineering and security teams at Block are your partners. We collaborate with our partners at every opportunity we can find and place the needs of our partners at the highest priority.
Your Mission:
You'll immerse yourself in our tech stack to gain an understanding of our infrastructure, applications and services, including their security boundaries.
You Will
- Identify and lead critical security initiatives.
- Conduct penetration tests, source code reviews, threat models, and design reviews to identify and mitigate security risks. Create exploits that demonstrate impact.
- Commit small PRs to directly fix security issues, rather than waiting for teams to address them.
- Identify gaps in existing designs and improve them to ensure security is integrated from the ground up.
- Communicate critical security findings to cross-functional teams, providing context, applicable remediation steps, and hands-on guidance throughout the resolution process.
- Lift skills and expertise of your teammates
- Be an excellent source of insights and wisdom on security topics.
- Support incident response efforts and reproduce bug bounty reports to ensure analysis resolutions.
- Guide the direction of the team to ensure team's success.
You Have
- 10+ years experience in penetration testing, threat modeling and security engineering.
- Expertise in appsec and cloudsec and are proficient in infrastructure as code, CI/CD and supply chain security.
- The ability to work independently, managing multiple projects with ease and navigating technically complex apps and services.
- Experience mentoring others on the team
- [Even Better]
- Expertise in modern secure design patterns
- Knowledge about cryptocurrencies, wallets and storage.
- Understanding of GenAI security topics
- Conference presentations on AppSec/OffSec topics
- Published CVEs / responsibly disclosed bugs
What You'll Get
- The opportunity to make a real impact on the security of our applications and the financial industry as a whole.
- A collaborative and dynamic work environment with an exceptional team of security engineers.
- Freedom to do security research that has the potential to have a deep impact on Block.
- An environment where conference presentations are highly encouraged.
We're working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is an equal opportunity employer evaluating all employees and job applicants without regard to identity or any legally protected class. We also consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we're doing to build a workplace that is fair and square? Check out our I+D page .Block will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances.
Block takes a market-based approach to pay, and pay may vary depending on your location. U.S. locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate's starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
To find a location's zone designation, please refer to this resource . If a location of interest is not listed, please speak with a recruiter for additional information.
Zone A:
$217,800 - $326,800 USD
Zone B:
$207,000 - $310,400 USD
Zone C:
$196,100 - $294,100 USD
Zone D:
$185,200 - $277,800 USD
Every benefit we offer is designed with one goal: empowering you to do the best work of your career while building the life you want. Remote work, medical insurance, flexible time off, retirement savings plans, and modern family planning are just some of our offering. Check out our other benefits at Block.
Block, Inc. (NYSE: XYZ) builds technology to increase access to the global economy. Each of our brands unlocks different aspects of the economy for more people. Square makes commerce and financial services accessible to sellers. Cash App is the easy way to spend, send, and store money. Afterpay is transforming the way customers manage their spending over time. TIDAL is a music platform that empowers artists to thrive as entrepreneurs. Bitkey is a simple self-custody wallet built for bitcoin. Proto is a suite of bitcoin mining products and services. Together, we're helping build a financial system that is open to everyone.
