Offensive Security Engineer

Company Description

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

Job Description

Block’s Offensive Security team is seeking a highly skilled and motivated Senior Offensive Security Engineer to join our team. In this role, you will play a critical role in proactively identifying and exploiting vulnerabilities within our systems and infrastructure, mimicking real-world attacker tactics. Your insights will be used to improve our overall security posture and ensure we stay ahead of evolving threats.

You will:

• Lead and execute complex Red Team engagements, simulating real-world attacker scenarios to uncover critical vulnerabilities across our network and applications.
• Identify, research, and exploit various vulnerabilities (including zero-days) to gain unauthorized access to systems and data.
• Develop custom tools, scripts, and exploit code.
• Document findings in a clear, concise, and actionable manner, including detailed reports with working proofs of concept and recommendations for remediation.
• Collaborate with the Blue Team and security leadership to prioritize vulnerabilities, develop mitigation strategies, and improve overall security posture.
• Participate in knowledge sharing by mentoring junior team members and presenting findings, including opportunities to present at external conferences.

Qualifications

You have:

• Minimum 5+ years of experience in offensive security engagements.
• Proven experience leading and executing Red Team engagements.
• Expertise in various operating systems (Mac, Linux, etc.) and scripting languages (Python, Ruby, etc.).
• Experience with exploit development and post-exploitation techniques.
• Excellent communication, collaboration, and problem-solving skills.
• Ability to work independently and manage multiple projects simultaneously.
• Strong understanding of the threat landscape and attacker motivations.

Bonus points for:

• Experience with responsible disclosure and publicly reported CVEs.
• Experience in a cloud environment (AWS, Azure, GCP).
• Experience in using C2s and developing and deploying custom C2 and implants.

Additional Information

Block takes a market-based approach to pay, and pay may vary depending on your location. U.S locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.

Zone A: USD $163,600 - USD $245,400
Zone B: USD $155,400 - USD $233,200
Zone C: USD $147,300 - USD $220,900
Zone D: USD $139,000 - USD $208,600

To find a location’s zone designation, please refer to this salary-zones">resource. If a location of interest is not listed, please speak with a recruiter for additional information. 

Full-time employee benefits include the following:

• Healthcare coverage (Medical, Vision and Dental insurance)
• Health Savings Account and Flexible Spending Account
• Retirement Plans including company match 
• Employee Stock Purchase Program
• Wellness programs, including access to mental health, 1:1 financial planners, and a monthly wellness allowance 
• Paid parental and caregiving leave
• Paid time off (including 12 paid holidays)
• Paid sick leave (1 hour per 26 hours worked (max 80 hours per calendar year to the extent legally permissible) for non-exempt employees and covered by our Flexible Time Off policy for exempt employees) 
• Learning and Development resources
• Paid Life insurance, AD&D, and disability benefits 

These benefits are further detailed in Block's policies. This role is also eligible to participate in Block's equity plan subject to the terms of the applicable plans and policies, and may be eligible for a sign-on bonus. Sales roles may be eligible to participate in a commission plan subject to the terms of the applicable plans and policies. Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.

We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, without regard to race, color, religion, gender, national origin, age, disability, veteran status, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. 

We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we’re doing to build a workplace that is fair and square? Check out our I+D page.

Additionally, we consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

We’ve noticed a rise in recruiting impersonations across the industry, where individuals are sending fake job offer emails. Contact from any of our recruiters or employees will always come from an email address ending with @block.xyz, @squareup.com, @tidal.com, or @afterpay.com, @clearpay.co.uk.

Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.

While there is no specific deadline to apply for this role, on average, U.S. open roles are posted for 70 days before being filled by a successful candidate.