Security Engineer

Website Cash App

Redefine the world's relationship with money.



About the job
Company Description

It all started with an idea at Block in 2013. Initially built to take the pain out of peer-to-peer payments, Cash App has gone from a simple product with a single purpose to a dynamic ecosystem, developing unique financial products, including Afterpay/Clearpay, to provide a better way to send, spend, invest, borrow and save to our 47 million monthly active customers. We want to redefine the world’s relationship with money to make it more relatable, instantly available, and universally accessible.

Today, Cash App has thousands of employees working globally across office and remote locations, with a culture geared toward innovation, collaboration and impact. We’ve been a distributed team since day one, and many of our roles can be done remotely from the countries where Cash App operates. No matter the location, we tailor our experience to ensure our employees are creative, productive, and happy.

Check out our locations, benefits, and more at cash.app/careers.

Job Description

At Cash, security is everyone’s responsibility, especially among engineering disciplines. Cash Security is a multidisciplinary team, closely aligned to the needs of the business. The team is composed of multiple engineering and governance teams, each specializing and collaboratively solving the security, privacy and governance needs alongside their partner organizations.

About Product Security Engineering:

The product security engineering team focuses on protecting Cash App’s customer data throughout the product engineering’s technology stacks. We are a hands-on, engineering-driven security team, which aligns security engineers toward product teams, across the entire Cash App organization. We continually raise the overall trust of Cash App’s products by building high leverage security abstractions into the technology stacks our partners utilize. We collaborate on building these security infrastructures, design patterns, and guidelines. We accomplish our goals by treating security engineering as a discipline, offering our expertise to technical and non-technical stakeholders. We secondarily abstract bespoke security solutions into reusable infrastructure, sharing our learnings, best practices, and solutions across the organization.

Our mission is to empower Cash engineers to protect our customers’ data in every aspect of the product and data life cycle; by providing reusable primitives and scalable platforms.

As a Product Security Engineer, you’ll work within the product engineering organization to:

Co-design, co-build, and co-own the security and privacy mechanisms and features which support the internal engineering teams and customer operations.
Design, apply, and develop security primitives to protect data
Help identify and remedied potential security risks to our customers’ data
Understand how to apply and advise product teams on security requirements to the product’s implementation and how specific regulatory data privacy considerations may be relevant
Drive the direction of the organization by productizing common security patterns and working toward our security roadmap
Help the engineers around you level-up on their own security reasoning and knowledge

 

Examples of our previous work:

CashApp’s open source mobile client security SDK [GitHub]
General purpose multi-party authorization framework
Context aware audit logging functionality
Drive the adoption of policy as code
Cash’s Field Level Encryption (FLE) framework [Blog]

 

Qualifications

You have:

A strong motivation to contribute to a meaningful product that will fundamentally change the way people interact with financial institutions
You enjoy solving problems at scale, through hands-on problem solving
Strong desire to perform and grow as a security engineer and educate other engineers
Demonstrated technical initiative and leadership
Enthusiastic about distributed workforces and effective at working asynchronously
An interest in working on a product that impacts people/businesses directly
You have an aptitude for security and strong software engineering fundamentals

 

Tools we use and teach:

AWS KMS and Google’s Tink Cryptographic APIs
Android / iOS mobile development
Java 11 including JUnit, Hibernate, and Guice
Kotlin
HTTP, JSON, gRPC, and Protocol Buffers
MySQL, DynamoDB
Operating microservices, Kubernetes, Terraform

 

Additional Information

We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, based solely on the core competencies required of the role at hand, and without regard to any legally protected class.

We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we’re doing to build a workplace that is fair and square? Check out our I+D page.

Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.

To apply for this job please visit www.linkedin.com.