Senior Embedded Security Engineer

Boston, MA, United States

Applications have closed

Block

Block is Square, Cash App, Spiral, TIDAL, TBD, and our foundational teams.

View company page

Company Description

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

Job Description

The Hardware and Embedded Security team is a specialized team within Block’s larger Information Security organization that supports product development teams to ensure hardware products are secure and meet compliance requirements.  As an Embedded Security Engineer on this team, you will have a hybrid role supporting security services related to signing and encryption of firmware, secure provisioning of hardware in a manufacturing environment, hardware device security assessment, cryptographic operations, firmware security, Android OS security, and offensive security such as fuzzing and penetration testing.   

Embedded Security Engineers are involved in all areas of hardware development, from design through firmware development and from prototyping through production manufacturing.  We are looking for smart, motivated engineers who want to build, refine, and occasionally break amazing things with us.  

You will:

  • Design, implement, deploy, and maintain security architectures and countermeasures to protect and enable innovative new Block devices
  • Balance the requirements of security, compliance, performance, power and cost for a diverse portfolio of embedded devices
  • Guide product developers in the utilization of security capabilities of commercial off the shelf hardware devices and the Android OS, and develop additional security mechanisms when design specific implementations are required
  • Maintain existing security services used by product teams to sign and encrypt firmware, and assist in evolving these services from datacenter to cloud environments
  • Support and evolve secure provisioning infrastructure deployed at factory and manufacturing sites
  • Evaluate the security of new product designs to determine vulnerability to a wide variety of attack vectors - and subsequently deploy countermeasures that defend against these attacks
  • Be an internal security subject matter expert, advocating for better security practices throughout Block, and driving product security decision making in a collaborative environment

Qualifications

Minimum of:

  • At least 8 years of experience in the embedded security area
  • Extensive knowledge of firmware and embedded operating system security principles (in particular, Android)
  • Understanding of different types of cryptography used in signing and encrypting data to provide authentication and/or confidentiality including PKI, ECC, AES, hashing, and Key Derivation Functions
  • Experience in reverse-engineering and exploitation of embedded or mobile systems, and design/development of exploit mitigation techniques
  • Experience with practical deployment of secure boot implementations, key management, and/or cryptographic architectures for extreme cost- and power-limited solutions
  • Professional low-level software development experience in C/C++ and ability to create automation/scripts in Python

Even Better:

  • Experience taking a hardware product from concept to mass production
  • Experience in security testing of mobile or embedded systems, including fuzzing or penetration testing
  • Experience in security code review and vulnerability triaging
  • Experience coding server or cloud based services in Java
  • Prior project work involving the use of hardware security modules
  • Experience with secure device provisioning in 3rd party environments
  • Familiarity with physical anti-tamper mechanisms, side-channel attacks, and fault injection attacks
  • Experience with payment industry standards or other government and international security standards including those from FIPS, ISO, CC.

Additional Information

Block takes a market-based approach to pay, and pay may vary depending on your location. U.S. locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.

Zone A: USD $222,800 - USD $272,300
Zone B: USD $211,600 - USD $258,600
Zone C: USD $200,500 - USD $245,100
Zone D: USD $189,400 - USD $231,400

To find a location’s zone designation, please refer to this resource. If a location of interest is not listed, please speak with a recruiter for additional information. 

Benefits include the following:

  • Healthcare coverage
  • Retirement Plans including company match 
  • Employee Stock Purchase Program
  • Wellness programs, including access to mental health, 1:1 financial planners, and a monthly wellness allowance 
  • Paid parental and caregiving leave
  • Paid time off
  • Learning and Development resources
  • Paid Life insurance, AD&D. and disability benefits 
  • Perks such as WFH reimbursements and free access to caregiving, legal, and discounted resources 

This role is also eligible to participate in Block's equity plan subject to the terms of the applicable plans and policies, and may be eligible for a sign-on bonus. Sales roles may be eligible to participate in a commission plan subject to the terms of the applicable plans and policies. Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.

We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace.

Block is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, without regard to race, color, religion, gender, national origin, age, disability, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.

We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. 

Learn more about our efforts to promote inclusion and diversity at block.xyz/inclusion

Additionally, we consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.

Tags: AES Android Automation Banking Blockchain C Cloud Compliance Crypto Cryptography Encryption Exploit Finance Hashing Java Offensive security Pentesting PKI Product security Prototyping Python Security assessment

Perks/benefits: Career development Equity Health care Insurance Parental leave Salary bonus Signing bonus Wellness

Region: North America
Country: United States
Job stats:  5  2  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.