Security Incident Response Engineer

  • Full-time

Company Description

Square builds common business tools in unconventional ways so more people can start, run, and grow their businesses. When Square started, it was difficult and expensive (or just plain impossible) for some businesses to take credit cards. Square made credit card payments possible for all by turning a mobile phone into a credit card reader. Since then Square has been building an entire business toolkit of both hardware and software products including Square Capital, Square Terminal, Square Payroll, and more. We’re working to find new and better ways to help businesses succeed on their own terms—and we’re looking for people like you to help shape tomorrow at Square.

Job Description

The Square Security team works with other teams at Square to build world-class products for both customers and employees. Our ultimate goal is to ensure that every experience with Square is simple, secure, and safe.

Square’s Detection and Response Team (DART) has two distinct teams; Security Engineering (SecEng) and the Computer Security Incident Response Team (CSIRT). CSIRT consists of three mutually supportive functions to focus its work: Monitoring & Triage, Incident Response (IR), and Signals Development/Threat Intelligence. We enumerate, detect, investigate, and coordinate the response to information security threats to Square through security threat research and intelligent analysis, understanding adversaries’ tools and techniques, proactive threat hunting, vigilant monitoring, and efficient incident response handling. In order to support the company's incredible growth, we’re growing our incident response team. You will report to the CSIRT Engineering Manager as part of the DART - CSIRT team. 

As a Security Incident Response Engineer you will:

  • Lead the response to critical incidents, threats, and vulnerabilities, bringing these issues to resolution coordinating cross-functional teams across multiple types of assets including cloud, on data center, and corporate.
  • Demonstrate strong composure while running cases with a balance of urgency, intensity, and focus.
  • Actively monitor, analyze and correlate security event activity, perform research, and provide in-depth incident analysis.
  • Improve and automate internal capabilities for identifying, investigating, and responding to security events.
  • Contribute to the creation and/or refinement of runbooks.
  • Lead and participate in IR tabletop exercises to validate and improve existing processes and procedures.
  • Develop and adjust automations, scripts, and security tool configurations to drive efficiencies and enhance investigations.
  • Hunt for malicious activity to provide a feedback loop for signals development and threat intelligence.
  • Ensure stakeholders (both technical and non-technical) are informed on details in a clear and concise manner, both written and verbally.
  • Develop postmortem write-ups and lead postmortem discussions.
  • Participate in an incident response on-call rotation.

Qualifications

You have:

  • 5+ years of experience with incident response and forensics tools.
  • Empathy, patience, and a desire to learn and help your teammates grow.
  • Excellent written and verbal communication skills, including the ability to communicate technical concepts clearly and effectively.
  • The ability to operate independently and in a team environment in a geographically dispersed team.
  • Enthusiasm about securing an infrastructure built around small business

And one or more of the following:

  • Strong security knowledge in MacOS with general proficiency in the cloud and with Linux.
  • Experience with network IDS and IPS solutions, analysis of east-west and north-south traffic flows, or service mesh technologies such as Istio and Envoy.
  • Experience with malware analysis, host/network-based forensics, memory forensics, and/or network traffic analysis.

Desired skils:

  • Scripting experience (i.e. Ruby, Python, shell scripting)
  • Experience with open-source forensics tools like OSquery
  • Prior experience using the MITRE ATT&CK framework to improve security incident detection and response.

Additional Information

We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Square is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, based solely on the core competencies required of the role at hand, and without regard to any legally protected class.

We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible.

Perks

At Square, we want you to be well and thrive. Our global benefits package includes:

  • Healthcare coverage
  • Retirement Plans
  • Employee Stock Purchase Program
  • Wellness perks
  • Paid parental leave
  • Paid time off
  • Learning and Development resources

Square, Inc. (NYSE: SQ) builds tools to empower businesses and individuals to participate in the economy. Sellers use Square to reach buyers online and in person, manage their business, and access financing. Individuals use Cash App to spend, send, store, and invest money. And TIDAL is a global music and entertainment platform that expands Square's purpose of economic empowerment to artists. Square, Inc. has offices in the United States, Canada, Japan, Australia, Ireland, Spain, Norway, and the UK.

Privacy Policy