Senior Software Engineer, Infrastructure Security
- San Francisco, CA
- Employees can work remotely
- Alternate Location: Seattle, United States
Square builds common business tools in unconventional ways so more people can start, run, and grow their businesses. When Square started, it was difficult and expensive (or just plain impossible) for some businesses to take credit cards. Square made credit card payments possible for all by turning a mobile phone into a credit card reader. Since then Square has been building an entire business toolkit of both hardware and software products including Square Capital, Square Terminal, Square Payroll, and more. We’re working to find new and better ways to help businesses succeed on their own terms—and we’re looking for people like you to help shape tomorrow at Square.
Square’s Security culture is focused on helping our engineering teams to build and ship secure products. We achieve this by building, and operating state-of-the-art security alongside our product and infrastructure teams.
The Software Supply Chain Security team, within Infrastructure Security, is focused on ensuring that the code Square ships is as secure as possible. We blend third-party tooling with in-house systems to improve the security of many types of code including backend, frontend, infrastructure, and mobile.
Build and design systems that secure the entirety of Square's software supply chain.
Build and integrate systems detecting third-party vulnerabilities in libraries, OS and container components, etc.
Integrate with our Github, CI/CD, and build attestation systems.
Partner effectively with Square's infrastructure teams and other security teams.
Collaborate with developers across Square to ensure our systems are embedded in their workflows.
Learn about security and apply that knowledge towards real-world problems.
8+ years of industry experience as a programer, developer, SWE, or similar job roles.
A strong interest in security and growing your career in the direction of InfoSec (prior experience in InfoSec not required).
Experience with DevOps, infrastructure code, and similar is helpful but not required.
Technologies we use and teach:
Ruby & Java
Linux, Docker, etc