We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

We’re looking for an eager and diligent Security Analyst to conduct daily operational tasks within Information Security. This individual will work closely with Square’s Security Program Manager to execute Square’s vulnerability management program, vendor security management process, and external bug bounty. This individual will also provide periodic operational support for audit data gathering.

You will:

• Daily inspection of Square’s internal vulnerability queue.
  • Notify responsible stakeholders of vulnerabilities that are out of SLA.
  • Notify responsible stakeholders of vulnerabilities that have been re-opened.
  • Provide some limited vulnerability verification help to teams.
  • Provide limited reporting and analysis support for status of vulnerabilities across company.
• Daily inspection of Square’s external bug bounty queue.
  • File externally reported bug bounty issues as internal tickets and assign to appropriate teams.
  • Coordinate with Security Program Manager to issue appropriate rewards to security researchers.
• Process vendor security review requests
  • Collaborate closely with Procurement, Legal, and Security Program Management to review products/companies for adherence to Square’s security policies and requirements
  • Periodic reviews of existing vendors for adherence to Square’s security policies and requirements
• Periodic role and access review
  • Work with Identity and Access Management to verify access grants have been correctly provisioned/de-provisioned.
• Compliance data gathering support
  • Support Data Security Governance in gathering technical evidence (logs, system screenshots, etc.)  to support compliance efforts.

You have:

• Strong verbal and written communication skills
• Strong office computing experience
• Familiarity with bug tracking/ticketing systems

Even better:

• 1+ years experience as an analyst in Information Security, Risk, Fraud Prevention or equivalent training
• Familiarity with JIRA and Atlassian productivity tools
• Automation/scripting experience
• Familiarity with vulnerability scanning and security testing tools
• Strong interest to learn and grow within Information Security

Reasons you will LOVE this position:

• You enjoy collaborating with others to deliver results as a team.
• You are looking to join and learn from a dynamic, friendly team of security experts.
• You want to own critical functions of an Information Security program.
• You’re looking for the freedom to explore security automation.
• You want to join a successful, rapidly growing company that’s helping provide economic empowerment to everyone.

Reasons you will NOT LOVE this position:

• You’re not interested in learning on the job
• You’re uncomfortable asking for help from others

At Square, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.