Senior Embedded Security Engineer
- San Francisco, CA
We believe the economy is better when everyone has access. When everyone has room to grow. No one should be left out because the cost is too great or the technology too complex. We started with a little white credit card reader but haven’t stopped there. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.
Square’s Information Security culture is focused on enabling our engineering teams build and ship products. We work to achieve this by designing, building, and deploying state of the art security features alongside our product teams.
Embedded Security Engineers specialize in the security concerns surrounding Square’s hardware products, including our readers and custom Android devices like Square Register. Embedded Security Engineers are involved in all areas of hardware development, from design through firmware development and from prototyping through production manufacturing. We are looking for smart, motivated engineers who want to build, refine, and occasionally break amazing things with us.
Design, implement, deploy, and maintain security architectures and countermeasures to protect and enable innovative new Square payment devices
Balance security, compliance, performance, power and cost for a diverse portfolio of embedded devices and the associated manufacturing and backend infrastructure
Evaluate the security of new product designs to determine vulnerability to a wide variety of attack vectors - and subsequently deploy countermeasures that defend against these attacks
Act as an internal security subject matter expert, advocating for better security practices throughout Square
You have two or more of the following:
Extensive knowledge of firmware and embedded operating system, or mobile operating system (in particular, Android) security principles
Strong understanding of cryptography, protocol design and analysis
Experience in reverse-engineering and exploitation of embedded or mobile systems, and design/development of exploit mitigation techniques
Demonstrated experience with practical deployment of secure boot implementations, key management, and/or cryptographic architectures for extreme cost- and power-limited solutions
Professional software development experience in C/C++, Ruby, Python, and/or Java
Experience taking a hardware product from concept to mass production
Experience in security testing of mobile or embedded systems, including fuzzing or penetration testing
Experience in security code review and vulnerability triaging
Prior project work involving hardware security modules and device provisioning
At Square, our purpose is to empower – within and outside of our walls. In order to build the best tools for the businesses and customers we support all over the world, we have to start at home with a workforce as diverse and empowered as our sellers. To this end, we take great care to evaluate all employees and job applicants equally, based on merit, competence, and qualifications. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law. We encourage candidates from all backgrounds to apply and always consider qualified applicants with arrest and conviction records, in accordance with the San Francisco Fair Chance Ordinance. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)squareup.com. We will treat your request as confidentially as possible. In your email, please include your name and preferred method of contact, and we will respond as soon as possible.