Job Description
Summary
Block's Product Security Engineering team is hiring a Product Security Engineer to help drive innovation in security engineering through automation, AI, and deep technical expertise. You'll be part of a specialized group that secures our development lifecycle, empowers our engineers, and builds state-of-the-art security services.
This role goes beyond general software engineering -- we want an engineer with expert‑level insight into widespread vulnerabilities and the skill to build scalable, end‑to‑end defenses for all of Block's products.
As part of a growing and technically advanced team, you'll partner with product, platform, and infrastructure teams to build security into the paved rails used by software engineers across all Block brands.
In ProdSecEng we don't just want to find vulnerabilities, we want to be part of systemically fixing them at scale. By combining secure frameworks, SAST tools and experiments with AI we aim to redefine how security vulnerabilities are identified, resolved and most importantly prevented in the future.
You Will
- Build and maintain security tools: Develop and mature internal security services that protect source code, automate vulnerability detection, and support secure SDLC practices.
- Contribute to AI-based solutions: Work on AI initiatives for vulnerability detection and remediation, including integrations with LLMs across a range of providers. Our contributions extend to experimental tools that push traditional security boundaries, such as Block's open-source Codename Goose.
- Lead security engineering initiatives: We are a cross functional team and often collaborate with domain specific engineering functions such as CI/CD teams, directly consult with product teams, participate in audits alongside our GRC team, and help respond to security incidents where appropriate.
- Mentor and elevate: Foster a culture of mentorship and knowledge sharing within a senior team distributed across the US, Canada, and Australia.
- Contribute to vulnerability management: Identify and submit vulnerabilities, support priority remediation, and engage with the broader vulnerability management program.
- Operate across products: Apply your expertise to secure a variety of products and services within Block's portfolio, including complex distributed systems.
You Have
- Familiarity with SAST tooling: At Block we make heavy use of SAST tools to help prevent bad patterns at scale. We are heavy users of CodeQL and Semgrep but built our code-security program to allow for tooling flexibility.
- Deep knowledge in vulnerability mechanics and mitigation strategies: We believe that looking at security through an offensive lens allows us to provide better guidance and tooling for our partner teams. The role does not primarily involve pentesting but an offensive security mindset can help improve the quality of our detection and remediation efforts.
- AI and automation interest: ProdSecEng has a culture of building and automating security. We love using the best tools for the job and have a passion for leveraging emerging technologies such as AI to better protect our customers.
- Strong engineering skills: Comfortable writing secure code, reviewing code for security issues, automating workflows, and working within (and securing) GitHub-based environments is vital.
- Network edge security experience: ProdSecEng team members aim to support the wider security and engineering function by protecting our network's perimeter. We highly value experience mitigating network-based security threats from bot attacks or leading incident response efforts (bonus: familiarity with CDN providers such as Cloudflare and Fastly).
- Collaborative mindset: ProdSecEng is a customer focused team and our customers are primarily our peers across engineering. The ability to work effectively with cross-functional partners, including developers, auditors, and security analysts to achieve team goals is vital.
- Remote and async effectiveness: Experience working across time zones and using rituals (stand-ups, retros, sprint planning) to stay connected.
Skills
- Communications Skills
- Development
- Software Engineering
- Team Collaboration