Job Description

Application Security Engineers on the ProdSec Design  team ensure the safety of data and dollars entrusted to us by working to improve the security of Block applications. They collaborate with product teams in early design phase to identify and mitigate risks to Block through the following:

• Develop a deep technical understanding of the application and services. 
• Develop an understanding of the business and threat actors targeting our particular line of business. 
• Create threat models for core components at Block. 
• Dive deeper in existing threat models by performing a service by service security analysis.  
• Provide security consulting services by means of engineering design reviews and answering general security best practices questions. 
• Communicate the issues to teams across Block with clear risk ratings and mitigations. Assist with fixing issues as needed.
• Support response to vulnerabilities.
• Other supporting activities:
  • Security research
  • Automate discovery and fixing of issues through code scanning and tool improvements.
  • Create security guidance and reference architectures for secure design patterns.
  • Educate engineers on security best practices.  

Qualifications

• 3+ years of relevant security experience in security consulting or in product/infrastructure security demonstrating strong application security fundamentals.
• Good to have: 
  • Penetration testing experience - applications, mobile apps and/or cloud environments like AWS and GCP.
  • Code Review skills - Java, Ruby, Go, Node.js, etc. 
  • Knowledge of topics like identity, authentication and authorization
  • Basic cryptography primitives used in day-to-day operations. 
  • Basic scripting and automation skills.