Embedded Security Engineer
- San Francisco, CA
- Employees can work remotely
- Alternate Location: New York, United States
- Position open to remote: Yes
Square builds common business tools in unconventional ways so more people can start, run, and grow their businesses. When Square started, it was difficult and expensive (or just plain impossible) for some businesses to take credit cards. Square made credit card payments possible for all by turning a mobile phone into a credit card reader. Since then Square has been building an entire business toolkit of both hardware and software products including Square Capital, Square Terminal, Square Payroll, and more. We’re working to find new and better ways to help businesses succeed on their own terms—and we’re looking for people like you to help shape tomorrow at Square.
Square’s Information Security culture is focused on enabling our engineering teams to build and ship products. We achieve this by designing, building, and deploying state of the art security features alongside our product teams.
Embedded Security Engineers specialize in the security concerns surrounding Square’s hardware products, including our readers and custom Android devices like Square Register. Embedded Security Engineers are involved in all areas of hardware development, from design through firmware development and from prototyping through production manufacturing. We are looking for smart, motivated engineers who want to build, refine, and occasionally break amazing things with us.
- Design, implement, deploy, and maintain security architectures and countermeasures to protect and enable innovative new Square payment devices
- Balance security, compliance, performance, power and cost for a diverse portfolio of embedded devices and the associated manufacturing and backend infrastructure
- Evaluate the security of new product designs to determine vulnerability to a wide variety of attack vectors - and subsequently deploy countermeasures that defend against these attacks
- Be an internal security subject matter expert, advocating for better security practices throughout Square, and driving product security decision making in a collaborative environment
You have two or more of the following:
- Extensive knowledge of firmware and embedded operating system, or mobile operating system (in particular, Android) security principles
- Strong understanding of cryptography, protocol design and analysis
- Experience in reverse-engineering and exploitation of embedded or mobile systems, and design/development of exploit mitigation techniques
- Experience with practical deployment of secure boot implementations, key management, and/or cryptographic architectures for extreme cost- and power-limited solutions
- Professional software development experience in C/C++, Ruby, Python, Go and/or Java
At least 3 years of experience in the embedded security area.
- Experience taking a hardware product from concept to mass production
- Experience in security testing of mobile or embedded systems, including fuzzing or penetration testing
- Experience in security code review and vulnerability triaging
- Experience in security incident response
- Prior project work involving hardware security modules and device provisioning infrastructure
- Familiarity with physical anti-tamper mechanisms, side-channel attacks, and fault injection attacks
- Experience with payment industry standards or other government and international security standards including those from FIPS, ISO, CC.
At Square, we want you to be well and thrive. Our global benefits package includes:
- Healthcare coverage
- Retirement Plans
- Employee Stock Purchase Program
- Wellness perks
- Paid parental leave
- Flexible time off
- Learning and Development resources