Staff Product Security Engineer

Block is one company built from many blocks all united by the same purpose of economic empowerment. The blocks that form our foundational teams People Finance Counsel Hardware Information Security Platform Infrastructure Engineering and more provide support and guidance at the corporate level. They work across business groups and around the globe spanning time zones and disciplines to develop inclusive People policies forecast finances give legal counsel safeguard systems nurture new initiatives and more. Every challenge creates possibilities and we need different perspectives to see them all. Bring yours to Block.

The Role

Blocks Product Security Engineering team is hiring a Product Security Engineer to help drive innovation in security engineering through automation AI and deep technical expertise. Youll be part of a specialized group that secures our development lifecycle empowers our engineers and builds state-of-the-art security services.

This role goes beyond general software engineering -- we want an engineer with expertlevel insight into widespread vulnerabilities and the skill to build scalable endtoend defenses for all of Blocks products.

As part of a growing and technically advanced team youll partner with product platform and infrastructure teams to build security into the paved rails used by software engineers across all Block brands.

In ProdSecEng we dont just want to find vulnerabilities we want to be part of systemically fixing them at scale. By combining secure frameworks SAST tools and experiments with AI we aim to redefine how security vulnerabilities are identified resolved and most importantly prevented in the future.

You Will

• Build and maintain security tools: Develop and mature internal security services that protect source code automate vulnerability detection and support secure SDLC practices.
• Contribute to AI-based solutions: Work on AI initiatives for vulnerability detection and remediation including integrations with LLMs across a range of providers. Our contributions extend to experimental tools that push traditional security boundaries such as Blocks open-source Codename Goose.
• Lead security engineering initiatives: We are a cross functional team and often collaborate with domain specific engineering functions such as CI/CD teams directly consult with product teams participate in audits alongside our GRC team and help respond to security incidents where appropriate.
• Mentor and elevate: Foster a culture of mentorship and knowledge sharing within a senior team distributed across the US Canada and Australia.
• Contribute to vulnerability management: Identify and submit vulnerabilities support priority remediation and engage with the broader vulnerability management program.
• Operate across products: Apply your expertise to secure a variety of products and services within Blocks portfolio including complex distributed systems.

You Have

• Familiarity with SAST tooling: At Block we make heavy use of SAST tools to help prevent bad patterns at scale. We are heavy users of CodeQL and Semgrep but built our code-security program to allow for tooling flexibility.
• Deep knowledge in vulnerability mechanics and mitigation strategies: We believe that looking at security through an offensive lens allows us to provide better guidance and tooling for our partner teams. The role does not primarily involve pentesting but an offensive security mindset can help improve the quality of our detection and remediation efforts.
• AI and automation interest: ProdSecEng has a culture of building and automating security. We love using the best tools for the job and have a passion for leveraging emerging technologies such as AI to better protect our customers.
• Strong engineering skills: Comfortable writing secure code reviewing code for security issues automating workflows and working within (and securing) GitHub-based environments is vital.
• Network edge security experience: ProdSecEng team members aim to support the wider security and engineering function by protecting our networks perimeter. We highly value experience mitigating network-based security threats from bot attacks or leading incident response efforts (bonus: familiarity with CDN providers such as Cloudflare and Fastly).
• Collaborative mindset: ProdSecEng is a customer focused team and our customers are primarily our peers across engineering. The ability to work effectively with cross-functional partners including developers auditors and security analysts to achieve team goals is vital.
• Remote and async effectiveness: Experience working across time zones and using rituals (stand-ups retros sprint planning) to stay connected.

Required Experience:

Staff IC