Senior Security Engineer, Offensive Security

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams - People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more - provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
The Role
Protect the Future of Finance:
Join Block's Offensive Security Team as a Senior Security Engineer, driving impactful security initiatives across teams and organizational boundaries. You'll identify critical areas to improve, applying your expertise to safeguard our systems and uphold customer trust. Your work will shape our security posture, keep us ahead of emerging threats, and secure the financial systems of tomorrow.
About the team:
Offensive Security & Design team emulates attackers to find vulnerabilities throughout Block, and inform remediation. We surface issues and offer technical expertise, without mandating deadlines. We don't throw security problems over the wall. We understand the struggle of our engineers and provide contextual guidance for a diverse, complex and cutting edge tech stack that enables the business. We don't work in isolation, engineering and security teams at Block are your partners. We collaborate with our partners at every opportunity we can find and place the needs of our partners at the highest priority.
Your Mission:
You'll immerse yourself in our tech stack to gain an understanding of our infrastructure, applications and services, including their security boundaries.
You Will

• Identify and lead critical security initiatives.
• Conduct penetration tests, source code reviews, threat models, and design reviews to identify and mitigate security risks. Create exploits that demonstrate impact.
• Commit small PRs to directly fix security issues, rather than waiting for teams to address them.
• Identify gaps in existing designs and improve them to ensure security is integrated from the ground up.
• Communicate critical security findings to cross-functional teams, providing context, applicable remediation steps, and hands-on guidance throughout the resolution process.
• Lift skills and expertise of your teammates
• Be an excellent source of insights and wisdom on security topics.
• Support incident response efforts and reproduce bug bounty reports to ensure analysis resolutions.
• Guide the direction of the team to ensure team's success.

You Have

• Expertise in penetration testing, threat modeling and security engineering.
• Expertise in appsec and cloudsec and are proficient in infrastructure as code, CI/CD and supply chain security.
• The ability to work independently, managing multiple projects with ease and navigating technically complex apps and services.
• Experience mentoring others on the team
• [Even Better]
  • Expertise in modern secure design patterns
  • Knowledge about cryptocurrencies, wallets and storage.
  • Understanding of GenAI security topics
  • Conference presentations on AppSec/OffSec topics
  • Published CVEs / responsibly disclosed bugs

What You'll Get

• The opportunity to make a real impact on the security of our applications and the financial industry as a whole.
• A collaborative and dynamic work environment with an exceptional team of security engineers.
• Freedom to do security research that has the potential to have a deep impact on Block.
• An environment where conference presentations are highly encouraged.

We're working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is an equal opportunity employer evaluating all employees and job applicants without regard to identity or any legally protected class. We also consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we're doing to build a workplace that is fair and square? Check out our I+D page .Block will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances.
Block takes a market-based approach to pay, and pay may vary depending on your location. U.S. locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate's starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
To find a location's zone designation, please refer to this resource . If a location of interest is not listed, please speak with a recruiter for additional information.
Zone A:
$198,000 - $297,000 USD
Zone B:
$188,100 - $282,100 USD
Zone C:
$178,200 - $267,400 USD
Zone D:
$168,300 - $252,500 USD
Every benefit we offer is designed with one goal: empowering you to do the best work of your career while building the life you want. Check out benefits at Block.
Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, and TIDAL, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.