Block, a company focused on economic empowerment, is seeking a Principal Security Engineer to lead software security initiatives. The role involves setting technical strategy, driving security innovation, and collaborating with engineering teams to ensure security is integrated into product development.
Responsibilities:
- Deliver world-class and innovative software solutions to security problems, tackling Block's top risks such as technology fragmentation and security after-the-fact
- Define the multi-year technical strategy for software security at Block, guiding architectural decisions and ensuring alignment with engineering best practices
- Identify and lead the development and implementation of common, high-leverage security solutions and infrastructure across Block's business units (Square, Cash App, TBD, etc.) to combat data sprawl and overpermissioning
- Drive engineering excellence, specifically around security, for critical systems like tokenization platforms, ensuring integrity, performance, and scalability
- Spearhead the security strategy and engineering excellence for mobile software and platforms across Block's product ecosystem
- Champion security reliability engineering (SecRelEng) practices to improve the overall resilience and availability of security services and infrastructure
- Lead technical planning and implementation for high-priority security initiatives, acting as a technical decision maker/tie-breaker and upholding high technical standards
- Partner with engineering leaders to integrate security practices early into the development lifecycle (Secure SDLC) and provide security architecture review and threat modeling for critical systems
- Foster technical excellence within InfoSec and mentor engineers on technical execution, system design, and technology choices, driving knowledge sharing and documentation
Requirements:
- Track record of exemplary technical leadership and decision-making at a Principal or equivalent level (L8+ technical capabilities preferred)
- 10+ years of experience developing and shipping production software and critical services, with a minimum of 5 years focused on establishing and scaling security practices in a large, modern technology environment
- Mastery of system design and architecture, with demonstrable experience solving ambiguous, domain-heavy problems by structuring the approach, clarifying scope, and driving clarity among stakeholders
- Deep technical understanding of security vulnerabilities, risks, countermeasures, and compensating controls, particularly in high-volume, real-time transaction processing environments
- Exceptional collaboration and communication skills, with proven ability to influence executive leadership and direct engineering teams in prioritizing security roadmap items to balance security and business risks
- Demonstrable ability to write production-quality code and scripts for security automation and tooling
- Experience leading and driving significant technical initiatives across multiple team, organizational and product boundaries
- Experience in the financial technology, payments, or cryptocurrency/bitcoin domain, reflecting Block's unique security characteristics
- Experience improving engineering standards and practices for security, and building systems to achieve sub-linear growth of security resources relative to the business (Design for Leverage, Not Coverage)