Staff Product Security Engineer

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

The Role

Block's Product Security Engineering team is hiring a Product Security Engineer to help drive innovation in security engineering through automation, AI, and deep technical expertise. You'll be part of a specialized group that secures our development lifecycle, empowers our engineers, and builds state-of-the-art security services.

This role goes beyond general software engineering -- we want an engineer with expert‑level insight into widespread vulnerabilities and the skill to build scalable, end‑to‑end defenses for all of Block's products.

As part of a growing and technically advanced team, you'll partner with product, platform, and infrastructure teams to build security into the paved rails used by software engineers across all Block brands.

In ProdSecEng we don't just want to find vulnerabilities, we want to be part of systemically fixing them at scale. By combining secure frameworks, SAST tools and experiments with AI we aim to redefine how security vulnerabilities are identified, resolved and most importantly prevented in the future.

You Will

• Build and maintain security tools: Develop and mature internal security services that protect source code, automate vulnerability detection, and support secure SDLC practices.
• Contribute to AI-based solutions: Work on AI initiatives for vulnerability detection and remediation, including integrations with LLMs across a range of providers. Our contributions extend to experimental tools that push traditional security boundaries, such as Block's open-source Codename Goose.
• Lead security engineering initiatives: We are a cross functional team and often collaborate with domain specific engineering functions such as CI/CD teams, directly consult with product teams, participate in audits alongside our GRC team, and help respond to security incidents where appropriate.
• Mentor and elevate: Foster a culture of mentorship and knowledge sharing within a senior team distributed across the US, Canada, and Australia.
• Contribute to vulnerability management: Identify and submit vulnerabilities, support priority remediation, and engage with the broader vulnerability management program.
• Operate across products: Apply your expertise to secure a variety of products and services within Block's portfolio, including complex distributed systems.

You Have

• Familiarity with SAST tooling: At Block we make heavy use of SAST tools to help prevent bad patterns at scale. We are heavy users of CodeQL and Semgrep but built our code-security program to allow for tooling flexibility.
• Deep knowledge in vulnerability mechanics and mitigation strategies: We believe that looking at security through an offensive lens allows us to provide better guidance and tooling for our partner teams. The role does not primarily involve pentesting but an offensive security mindset can help improve the quality of our detection and remediation efforts.
• AI and automation interest: ProdSecEng has a culture of building and automating security. We love using the best tools for the job and have a passion for leveraging emerging technologies such as AI to better protect our customers.
• Strong engineering skills: Comfortable writing secure code, reviewing code for security issues, automating workflows, and working within (and securing) GitHub-based environments is vital.
• Network edge security experience: ProdSecEng team members aim to support the wider security and engineering function by protecting our network's perimeter. We highly value experience mitigating network-based security threats from bot attacks or leading incident response efforts (bonus: familiarity with CDN providers such as Cloudflare and Fastly).
• Collaborative mindset: ProdSecEng is a customer focused team and our customers are primarily our peers across engineering. The ability to work effectively with cross-functional partners, including developers, auditors, and security analysts to achieve team goals is vital.
• Remote and async effectiveness: Experience working across time zones and using rituals (stand-ups, retros, sprint planning) to stay connected.

Every benefit we offer is designed with one goal: empowering you to do the best work of your career while building the life you want. Remote work, medical insurance, flexible time off, retirement savings plans, and modern family planning are just some of our offering. Check out our other benefits at Block.

Block, Inc. (NYSE: XYZ) builds technology to increase access to the global economy. Each of our brands unlocks different aspects of the economy for more people. Square makes commerce and financial services accessible to sellers. Cash App is the easy way to spend, send, and store money. Afterpay is transforming the way customers manage their spending over time. TIDAL is a music platform that empowers artists to thrive as entrepreneurs. Bitkey is a simple self-custody wallet built for bitcoin. Proto is a suite of bitcoin mining products and services. Together, we’re helping build a financial system that is open to everyone.

Privacy Policy