Job Description

The Square Security team works to ensure the security of every transaction from dip to receipt and beyond. We strive to provide a diverse and secure environment that allows Square to build world-class products for both customers and employees. Our ultimate goal is to ensure that every single experience with Square is simple, secure, and safe.

The Computer Security and Incident Response (CSIRT) workflow inside the Detection and Response Engineering Team (DART) contributes to the mission through systems signals and sensor development, precise investigations and leading security incident responses for Square. We prioritize our work using an attack-driven defensive approach to prioritize our preventive controls, detective controls, and response program based on real-world attacker behaviors. We automate the detection of, and response to, attack techniques, look for threats in the cloud, data center, and corporate network environments and oversee incident response. Additionally, we provide expertise and partner with our infrastructure security and product teams to create and enforce policies that aim to ensure hardened, easy paths for our developers. This results in an environment where developers and the security team work well together providing a holistic solution to security while encouraging new ideas and growth.

As a CSIRT Signals Development and Response Analyst:

• Represent the Security team as one of the incident response leads for security incidents at Square
• Lead the effort to expand Square’s cloud-based incident response process and cloud IR tooling capabilities
• Monitor, analyze, and correlate activity, evaluate security incidents, perform research and provide in-depth incident analysis
• Instrument and monitor cloud services, workstations, data centers, and networks to detect malicious behaviors allowing signal development in order to identify suspicious activities
• Improve and automate internal capabilities for identifying, investigating, and responding to security events
• Investigate suspicious activities and leverage tactical and technical capabilities to eradicate threats
• Provide guidance on, and assist teams with, implementing domain-specific best practices for preventive controls
• Manually look for malicious activity and provide a feedback loop to signal development

Qualifications

You have:

• 6+ years of related experience
• Relevant experience as an essential member of a detection and response team
• Security knowledge and experience with signature development and performing Incident Response in AWS and Kubernetes
• Security knowledge of the following platforms: Google Cloud Platform, Linux, macOS, and Windows
• A passion for leading projects and initiatives
• Some scripting experience (e.g. Ruby, Python, shell scripting)

Additional Information At Square, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)squareup.com. We will treat your request as confidentially as possible. In your email, please include your name and preferred method of contact, and we will respond as soon as possible. PERKS At Square, we want you to be well and thrive. Our global benefits package includes:

• Healthcare coverage
• Retirement Plans
• Employee Stock Purchase Program
• Wellness perks
• Paid parental leave
• Flexible time off
• Learning and Development resources