Senior Product Security Engineer
San Francisco, CA
We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.
Square’s Information Security culture is focused on enabling our engineering teams build and ship products. Product Security is separate from the product engineering organizations and is part of infosec. As a Senior Product Security Engineer at Square you will be responsible for the security of many of those products.
The Product Security team’s mission is to ensure that our products and features are built with security in mind, minimizing security relevant mistakes, while still enabling the product to flourish. This is accomplished by exposing the security risks associated with the products, working with the product team to weigh those risks against the product goals, and advising the team on how to mitigate any unavoidable risks.
This is a senior role where you will be responsible for driving down the security risk of one of Square’s products and opportunistically across the organization. As a Product Security team member you are expected to be the business and technical security subject matter expert to the product team. You are their resource and responsible for helping to navigate the product down the correct path. This is a unique role with lots of exposure to all levels of the organization where you can help mold the products Square produces.
- Be responsible for strategically engaging product teams, providing secure application architecture and risk / mitigation advice for all phases of the development lifecycle
- Deep dive into the technical underpinnings of how a product works
- Understand business goals and weigh them against security risks
- Help teams make informed decisions on whether to avoid, mitigate, or accept risks
- Analyze the state of security of a product which includes understanding the operational maturity of team and capabilities of abuse detection / response.
- Perform exercises like threat modeling and attack graphs to understand mitigation effectiveness
- Be the security subject matter expert in the context of specific products
- Drive initiatives to reduce security exposure of a single product as well as across all products
- Establish trust and build relationships with all levels of a product team (General Manager, Engineering Managers, Product Managers, Engineers, etc)
- Guide product teams to prioritize security features alongside product features
- Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
- Strong business sense, with entrepreneurial or startup experience preferred
- Previous professional information security experience, with penetration testing or "breaker" experience preferred
- Comfortable looking at code to determine security implications
- Great interpersonal and communication skills
- Natural leadership instincts with proven ability to innovate
- Ability to work well with all levels of the product organization
- Documentation-driven workflow and data-driven decision making
- Prior experience at a startup or consumer internet company
- Comfort in a fast-paced and dynamic environment
- Passion for Square and new technology (our main languages are Java, Ruby, Golang)