Signals Development and Response Analyst
- San Francisco, CA, USA
- Current Square Employee?: Apply via go/jobs
The Square Security team works to ensure the security of every transaction from dip to receipt and beyond. We strive to provide a secure environment that allows Square to build world-class products for both customers and employees. Our ultimate goal is to ensure that every single experience with Square is simple, secure, and safe.
The Detection and Response Engineering team contributes to the overall mission through systems hardening, intrusion detection and incident response. We are an engineering focused team and prioritize our work using an attack-driven defensive approach to prioritize our preventive controls, detective controls, and response program based on real world attacker behaviors. We automate the detection of, and response to, attack techniques, proactively hunt for threats in the environment and are responsible for incident response. Additionally, we provide subject matter expertise to infrastructure and product teams to create and enforce policies that strive to harden our assets from attacks and improve our ability to generate strong signals. As a Signals Development and Response Analyst:
- Actively monitor, analyze and correlate activity, evaluate security incidents, perform research and provide in-depth incident analysis.
- Instrument and monitor clients, servers and networks to detect malicious behavior.
- Improve and automate internal capabilities for identifying, investigating, and responding to security events.
- Develop signals to identify suspicious activities across all of Squares properties
- Investigate suspicious activities and leverage tactical and technical capabilities to eradicate threats.
- Assist in the implementation of domain specific best practices for preventive controls.
- Manually hunt for malicious activity and provide a feedback loop to signal development.
- 5+ years of related experience.
- Demonstrated relevant experience as a key member of a detection and response team.
- Strong security knowledge in at least one of the following domains: AWS, Google Cloud Platform, Linux, macOS, Windows.
- Ability to work independently and lead projects and initiatives.
- Scripting experience (i.e. Ruby, Python, shell scripting).
- Work in the San Francisco or New York City office. Remote work in the USA or Canada is a possibility depending on experience. Occasional travel may be required.