Jobs · Information Technology

Senior Security Engineer, Platform Security

Block · San Francisco Bay Area · 2 wk ago
RemoteRemoteInformation Technology$218k–$327k/yrFull-time

About the role

The Platform Security team at Block is responsible for securing cloud infrastructure and services across multiple business units including Square, Cash, and Afterpay. We aim to secure Block's cloud, compute, and network infrastructure at scale and drive the creation of cloud security policy and best practices.

Responsibilities

  • Architect and evolve cloud security guardrails. Design and implement SCPs, GCP org policies, and IAM controls that shape how Block uses cloud infrastructure for years to come.
  • Build automation to discover, measure, and contextualize security issues. Develop integrations with CSPM/DSPM tools and internal platforms to surface and prioritize findings.
  • Own the cloud security exception lifecycle. Build and maintain the tooling and processes that allow teams to request, review, and track security exceptions at scale.
  • Partner with platform teams to deliver solutions that permanently eliminate entire categories of cloud security risk.
  • Deliver key cloud security assurance functions. Balance the need to remediate critical misconfigurations and sensitive data exposures with being responsible stewards of our developers' time.
  • Develop risk-based prioritization. Build data pipelines and dashboards that aggregate security signals and help leadership understand posture trends.
  • Respond to and triage cloud security alerts. Support on-call rotations, investigate findings, and help engineers resolve issues quickly.
  • Produce quality software that stands the test of time and scales across Block's multi-cloud footprint.
  • Think, build and iterate in an AI-augmented environment.

Requirements

  • 5+ years of experience as a software or security engineer
  • 4+ years of experience securing infrastructure running on AWS and/or GCP at scale
  • Deep experience with Infrastructure-as-Code. Terraform (including securing Terraform pipelines), SCPs, GCP org policies, and understanding of best practices and pitfalls when deploying guardrails at organizational scale
  • Experience with cloud security posture management (CSPM) tools such as Wiz, and familiarity with DSPM concepts (sensitive data discovery, classification, and remediation)
  • Strong understanding of IAM. AWS IAM policies, roles, SCPs, permission boundaries; GCP IAM, service accounts, and org-level constraints
  • Experience maturing the cloud security posture of large, complex, multi-account/multi-project environments
  • Demonstrated ability to successfully deliver complex, multi-faceted projects from concept to launch
  • Demonstrated fluency with AI-assisted development tools (e.g., Claude Code, Cursor, GitHub Copilot, or similar agentic coding tools) in real production work
  • Experience with Kubernetes security (pod security policies, network policies) in environments like EKS or GKE
  • Familiarity with BI and data exploration tools like Looker and Snowflake for building security metrics and dashboards
  • Experience building or operating security exception/risk acceptance workflows at scale
  • Familiarity with cloud networking and network segmentation strategies
  • Ability to work well cross-functionally and communicate with audiences who may not have a security or engineering background
  • Experience supporting multi-business-unit organizations with varying compliance and regulatory requirements

Qualifications

  • Master's degree in Computer Science, Information Security, or related field
  • CISSP, CISM, or equivalent certification

Skills

  • Cloud Security (AWS, GCP)
  • Infrastructure-as-Code (Terraform, SCPs, GCP org policies)
  • CSPM (Wiz, DSPM concepts)
  • IAM (AWS IAM policies, roles, SCPs, permission boundaries; GCP IAM, service accounts, org-level constraints)
  • Kubernetes security (pod security policies, network policies)
  • BI and data exploration tools (Looker, Snowflake)
  • AI-assisted development tools (Claude Code, Cursor, GitHub Copilot)
  • Cloud Networking and Network Segmentation Strategies

Benefits

Block offers competitive compensation and benefits packages tailored to each location. Please refer to the job posting for details on pay ranges and benefits.

Pay

Pay varies based on location and experience. For more information, please refer to the job posting.

Schedule

Remote work is available. Please refer to the job posting for details on schedule options.

Similar jobs