Senior Embedded Security Engineer

Senior Embedded Security Engineer

at Square

San Francisco, CA

Company Description

We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

Job Description

Square’s Information Security culture is focused on enabling our engineering teams build and ship products. We work to achieve this by designing, building, and deploying state of the art security features alongside our product teams.

Embedded Security Engineers specialize in the security concerns surrounding Square’s hardware products, including our readers and custom Android devices like Square Register.  Embedded Security Engineers are involved in all areas of hardware development, from design through firmware development and from prototyping through production manufacturing.  We are looking for smart, motivated engineers who want to build, refine, and occasionally break amazing things with us.  

You will:

  • Design, implement, deploy, and maintain security architectures and countermeasures to protect and enable innovative new hardware products
  • Balance security, compliance, performance, power and cost for a diverse portfolio of embedded devices and the associated manufacturing and backend infrastructure
  • Evaluate the security of new product designs to determine vulnerability to a wide variety of attack vectors - and subsequently deploy countermeasures that defend against these attacks
  • Act as an internal security subject matter expert, advocating for better security practices throughout Square

Qualifications

You have:

  • Extensive knowledge of firmware and embedded operating system security principles
  • Strong understanding of cryptography, protocol design and analysis
  • Demonstrated experience with practical deployment of secure boot implementations, key management, and/or cryptographic architectures for extreme cost- and power-limited solutions
  • Professional software development experience in C, Ruby, Python, and/or Java

Even Better:

  • Experience taking a hardware product from concept to mass production
  • Prior project work involving hardware security modules and device provisioning infrastructure
  • Reverse-engineering and exploitation of embedded systems hardware, software, and protocols
  • Familiarity with physical anti-tamper mechanisms, side-channel attacks, and fault injection attacks
  • Experience with payment industry standards or other government and international security standards including those from FIPS, ISO, CC.