Senior Software Security Engineer - Product
Company Description
It all started with an idea at Block in 2013. Initially built to take the pain out of peer-to-peer payments, Cash App has gone from a simple product with a single purpose to a dynamic ecosystem, developing unique financial products, including Afterpay/Clearpay, to provide a better way to send, spend, invest, borrow and save to our 47 million monthly active customers. We want to redefine the world's relationship with money to make it more relatable, instantly available, and universally accessible.
Today, Cash App has thousands of employees working globally across office and remote locations, with a culture geared toward innovation, collaboration and impact. We've been a distributed team since day one, and many of our roles can be done remotely from the countries where Cash App operates. No matter the location, we tailor our experience to ensure our employees are creative, productive, and happy.
Check out our locations, benefits, and more at cash.app/careers.
Job Description
About Cash Security
At Cash, security is everyone's responsibility, especially among engineering disciplines. Cash Security is a multidisciplinary team, closely aligned to the needs of the business. The team is composed of multiple engineering and governance teams, each specializing and collaboratively solving the security, privacy and governance needs alongside their partner organizations.
About Product Security Engineering
The Product Security engineering team focuses on protecting Cash App's customer data throughout the product engineering's technology stacks. We are a hands-on, engineering-driven security team, which aligns security engineers toward product teams, across the entire Cash App organization. We continually raise the overall trust of Cash App's products by building high leverage security abstractions into the technology stacks our partners utilize. We collaborate on building these security infrastructures, design patterns, and guidelines. We accomplish our goals by treating security engineering as a discipline, offering our expertise to technical and non-technical stakeholders. We secondarily abstract bespoke security solutions into reusable infrastructure, sharing our learnings, best practices, and solutions across the organization.
Our mission is to empower Cash engineers to protect our customers' data in every aspect of the product and data life cycle; by providing reusable primitives and scalable platforms.
As a Product Security Engineer, you'll work within the product engineering organization to:
- Work with product teams to threat-model Cash App features and identify vulnerabilities.
- Design, build, and own the security & privacy mechanisms and features which support product engineering teams and customer operations.
- Drive the direction of the organization by productionizing common security patterns and working toward our security roadmap.
- Design, apply, and develop security primitives to protect data.
- Identify and remedy potential security risks to our customers' data.
- Partner with product teams to implement relevant regulatory data privacy considerations.
- Help the engineers around you level-up on their own security reasoning and knowledge.
Examples of our previous work include:
- CashApp's open source mobile client security SDK [ GitHub ]
- General purpose multi-party authorization framework
- Context aware audit logging functionality
- Drive the adoption of policy as code
- Cash's Field Level Encryption (FLE) framework [ Blog ]
Qualifications
You have:
- Experience demonstrating technical initiative and leadership through the end-to-end delivery of products in the security space
- You enjoy solving problems at scale, through hands-on problem solving
- Strong desire to perform and grow as a security engineer and educate other engineers
- An interest in working on a product that impacts people/businesses directly
- You have an aptitude for applied cryptography, security, and strong software engineering fundamentals
Tools we use and teach:
- AWS KMS and Google's Tink Cryptographic APIs
- Android / iOS mobile development
- Java 11 including JUnit, Hibernate, and Guice
- Kotlin
- HTTP, JSON, gRPC, and Protocol Buffers
- MySQL, DynamoDB
- Operating microservices, Kubernetes, Terraform
Qualifications
You have:
- Experience demonstrating technical initiative and leadership through the end-to-end delivery of products in the security space
- You enjoy solving problems at scale, through hands-on problem solving
- Strong desire to perform and grow as a security engineer and educate other engineers
- An interest in working on a product that impacts people/businesses directly
- You have an aptitude for applied cryptography, security, and strong software engineering fundamentals
Tools we use and teach:
- AWS KMS and Google's Tink Cryptographic APIs
- Android / iOS mobile development
- Java 11 including JUnit, Hibernate, and Guice
- Kotlin
- HTTP, JSON, gRPC, and Protocol Buffers
- MySQL, DynamoDB
- Operating microservices, Kubernetes, Terraform