Senior Infrastructure Security Engineer

Square builds common business tools in unconventional ways so more people can start, run, and grow their businesses. When Square started, it was difficult and expensive (or just plain impossible) for some businesses to take credit cards. Square made credit card payments possible for all by turning a mobile phone into a credit card reader. Since then Square has been building an entire business toolkit of both hardware and software products including Square Capital, Square Terminal, Square Payroll, and more. We’re working to find new and better ways to help businesses succeed on their own terms—and we’re looking for people like you to help shape tomorrow at Square.

Square’s Information Security culture is focused on enabling our engineering teams to build and ship secure products. We achieve this by designing, building, and deploying state of the art security alongside our product and infrastructure teams.

The Software Supply Chain Security team, within Infrastructure Security, is focused on ensuring that the code Square ships is as secure as possible. We blend third-party tooling with in-house systems to improve the security of many types of code including backend, frontend, infrastructure, and mobile.

You will:

• Harden Square’s build systems and overall software supply chain by designing, architecting and building security services. Your work leading the implementation of security systems will have a broad impact across Square’s software development organization, securing the critical systems for delivering our products.

• Partner with groups across the company to secure multiple different CI and build systems (notably for web apps, mobile apps, hardware, etc) and programming languages. 

• Collaborate with software engineers across the company to implement solutions that “grease the wheels” of security best practices from commit to artifact

• Work remotely or in any Square office location in the USA or Canada. Occasional travel may be required for team offsites after the pandemic. SSCS is a fully distributed team.

Desired Background:

• 6+ years total experience in tech, with at least 3 years of experience in security

• You work well cross-functionally, and can communicate with audiences who may not have a security background.

• You have worked both in information security (Application Security, Detection/Response, Blue Team, Red Team, etc), and at least one other discipline such as systems, software engineering, test, etc.

• You have experience securing multiple different build & CI systems and have interest in or experience with build attestation systems. You are also familiar with the software development process and have worked closely with engineers.

• You are familiar with at least one cloud platform (AWS, GCP, etc) or on-prem infrastructure deployments.

• You have experience writing code to solve security issues. This could be writing security tools, integrating security into products, or automation/management of security-sensitive environments.

• Interest in Software Supply Chain Security (no experience required)

Technologies We Use & Teach:

• Ruby and Rails

• Kubernetes

• Jenkins, BuildKite, TravisCI

• AWS, GCP & on-Prem infrastructure

• Grafeas, build attestation systems, and other tools pertinent to Software Supply Chain Security

We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Square is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, without regard to race, color, religion, gender, national origin, age, disability, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. 

We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we’re doing to build a workplace that is fair and square? Check out our I+D page. 

Additionally, we consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.

Perks

We want you to be well and thrive. Our global benefits package includes:

• Healthcare coverage
• Retirement Plans
• Employee Stock Purchase Program
• Wellness perks
• Paid parental leave
• Paid time off
• Learning and Development resources

Square, Inc. (NYSE: SQ) builds tools to empower businesses and individuals to participate in the economy. Sellers use Square to reach buyers online and in person, manage their business, and access financing. Individuals use Cash App to spend, send, store, and invest money. And TIDAL is a global music and entertainment platform that expands Square's purpose of economic empowerment to artists. Square, Inc. has offices in the United States, Canada, Japan, Australia, Ireland, Spain, Norway, and the UK.