Sr. Security Engineer, Software Supply Chain Security

Company Description

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

Job Description

Block’s Information Security culture is focused on enabling our engineering teams to build and ship secure products. We achieve this by designing, building, and deploying state of the art security alongside our product and infrastructure teams.

The Software Supply Chain Security team is the team at Block responsible for ensuring that: 

• The information necessary to understand the past and present state of our supply chain exists;
• Block can have confidence at all times in the accuracy of the information about, and the immutability of the inputs and outputs of, our software supply chain;
• There is a chain of custody for each piece of code that comes into and flows out of Block
• Block can prevent, as well as detect and identify as an attack, any alterations to the information necessary to understand the past and present state of our supply chain, to our supply chain systems and process, or to our inputs or outputs; and
• The systems and processes we use and build for storing our source code and built artifacts, as well as those for building and deploying our code, are secured using best practices, and we can report meaningfully on the security stances of those systems.

In short, it’s our job to make sure that Block’s code is secure from PR to Production. We blend third-party tooling with in-house systems to improve the security of our entire software supply chain.

This work will require you to work across team boundaries to design and build solutions that provide visibility into, and improve the security of, the state of our code  and artifact repos, build, CI, and deployment systems. This role will mix security architecture with actually building and integrating tooling.

You will:

• Partner with teams and individuals across the company to secure multiple different CI and build systems, for a wide range of technologies (e.g. web apps, mobile apps, hardware, and back-end systems) and programming languages. 
• Learn about and implement solutions to and mitigations against software supply chain attacks . 
• Work remotely or in any Square office location in the USA or Canada. Occasional travel may be required for team offsites after the pandemic. SSCS is a fully distributed team.

Qualifications

Desired Background:

• You have experience in security architecture, having co-led or led security architecture design and implementation/integration for one or more medium- to large- size systems.
• You have experience writing code to solve security issues. This could be writing security tools, integrating security into products, or automation/management of security-sensitive environments.
• Familiarity with information security systems and practices through at least one of DevSecOps, build engineering, application security, or SDET and at least one other discipline such as systems, software engineering, test, etc.
• You are familiar with at least one cloud platform (AWS, GCP, etc) or on-prem infrastructure deployments.
• You are unafraid to get your hands dirty writing code and performing integration work.
• You work well cross-functionally, and can communicate with audiences who may not have a security background.
• Interest in Software Supply Chain Security (no experience required)

Technologies We Use:

• Ruby and Rails
• Go
• Kubernetes
• Jenkins, BuildKite, Github Actions
• AWS, GCP & on-Prem infrastructure
• Other tools pertinent to Software Supply Chain Security

Additional Information

Block takes a market-based approach to pay, and pay may vary depending on your location. U.S. locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.

Zone A: USD $184,100 - USD $225,000
Zone B: USD $174,900 - USD $213,700
Zone C: USD $165,700 - USD $202,500
Zone D: USD $156,400 - USD $191,200

To find a location’s zone designation, please refer to this resource. If a location of interest is not listed, please speak with a recruiter for additional information. 

Benefits include the following:

• Healthcare coverage
• Retirement Plans including company match 
• Employee Stock Purchase Program
• Wellness programs, including access to mental health, 1:1 financial planners, and a monthly wellness allowance 
• Paid parental and caregiving leave
• Paid time off
• Learning and Development resources
• Paid Life insurance, AD&D. and disability benefits 
• Perks such as WFH reimbursements and free access to caregiving, legal, and discounted resources 

This role is also eligible to participate in Block's equity plan subject to the terms of the applicable plans and policies, and may be eligible for a sign-on bonus. Sales roles may be eligible to participate in a commission plan subject to the terms of the applicable plans and policies. Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.

We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace.

Block is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, without regard to race, color, religion, gender, national origin, age, disability, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.

We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. 

Learn more about our efforts to promote inclusion and diversity at block.xyz/inclusion

Additionally, we consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis. 

Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.