About the company
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams ā People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more ā provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
Job Summary
You Will
šBuild and maintain security tools: Develop and mature internal security services that protect source code, automate vulnerability detection, and support secure SDLC practices. šContribute to AI-based solutions: Work on AI initiatives for vulnerability detection and remediation, including integrations with LLMs across a range of providers. Our contributions extend to experimental tools that push traditional security boundaries, such as Block's open-source Codename Goose. šLead security engineering initiatives: We are a cross functional team and often collaborate with domain specific engineering functions such as CI/CD teams, directly consult with product teams, participate in audits alongside our GRC team, and help respond to security incidents where appropriate. šMentor and elevate: Foster a culture of mentorship and knowledge sharing within a senior team distributed across the US, Canada, and Australia. šContribute to vulnerability management: Identify and submit vulnerabilities, support priority remediation, and engage with the broader vulnerability management program. šOperate across products: Apply your expertise to secure a variety of products and services within Block's portfolio, including complex distributed systems.
##You Have šFamiliarity with SAST tooling: At Block we make heavy use of SAST tools to help prevent bad patterns at scale. We are heavy users of CodeQL and Semgrep but built our code-security program to allow for tooling flexibility. šDeep knowledge in vulnerability mechanics and mitigation strategies: We believe that looking at security through an offensive lens allows us to provide better guidance and tooling for our partner teams. šThe role does not primarily involve pentesting but an offensive security mindset can help improve the quality of our detection and remediation efforts. šAI and automation interest: ProdSecEng has a culture of building and automating security. We love using the best tools for the job and have a passion for leveraging emerging technologies such as AI to better protect our customers. šStrong engineering skills: Comfortable writing secure code, reviewing code for security issues, automating workflows, and working within (and securing) GitHub-based environments is vital.
Looking for your next challenge? The world of crypto offers exciting roles in blockchain development, web3 innovations, and remote opportunities.
