Job Description

Cash Security makes protecting data easy by building self-service APIs and governance frameworks. We collaborate with platform and product development teams across the Cash ecosystem to help them autonomously understand how to meet governance requirements, protect against malicious attacks, respect our customers’ privacy, and ultimately maintain trust. We provide guidance to our stakeholder teams around compliance, privacy, and security in order to help them confidently manage these risks within their domains while ensuring that their decisions do not have broader downsides.

On Cash Product Security, we believe that security is the responsibility of everyone, especially those who ship product solutions. We work closely with the product engineering organization to enable teams to make great security decisions on behalf of their customers. The Data Safety sub-team focuses on protecting Cash App’s most important asset: our customers’ data. We work across Cash and the Block enterprise to identify, measure and reduce risk related to handling consumer data. We protect Cash App customers from data misuse as we scale to 100M monthly active users and beyond. 

We iteratively build tools and abstractions to:

• ensure the safe handling of data at collection time, at rest, and in transit
• align engineering strategy with security governance goals and global compliance regime requirements
• govern the data lifecycle 
• highlight insights about business risks to allow teams to take action and ownership
• empower machine learning and product engineering teams to own their data security posture with confidence
• make the secure choice also the easy choice for other engineers

Qualifications

You have experience with some of the following:

• Building security tools for other engineers to use
• Machine learning and big data platforms and tools, including building first-party or bespoke ML infrastructure
• Working with cross-functional stakeholders across teams, verticals, and business units, and partnering with other teams to achieve great security outcomes
• Creating and maintaining teamprocesses that allow the team to protect their time while satisfying our internal customers’ needs
• High-level understanding of consumer data privacy regulations and concepts, like GDPR, CCPA, and the right to be forgotten

Our partner teams use the following tools:

• AWS and GCP
• DynamoDB and MySQL
• Kotlin, Go, Java Microservices
• Data platforms like Snowflake and Databricks
• Machine learning platforms like Tecton and Prefect

Tools we teach, use, and build:

• In-database encryption libraries for Hibernate, DynamoDB, and jOOQ
• Homegrown open-source tools like Pivit and Trifle