Security Incident Response Engineer - DART
- Full-time
Company Description
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
Job Description
The Block Security team works with other teams across Block to build world-class products for both customers and employees. Our ultimate goal is to ensure that every experience with Block is simple, secure, and safe.
Block’s Detection and Response Team (DART) has four distinct teams; Security Engineering (SecEng), Monitoring & Triage, Signals and Intelligence (SIGINT), and the Computer Security Incident Response Team (CSIRT). The CSIRT aspires to deliver trusted security advisory and world-class response to security threats towards Block and its ecosystem of startups so our employees can quickly and safely build and customers can partake in the economy through secure and modern experiences. CSIRT provides rapid and standardized security response capability to Block and it’s ecosystem of startups 24/7/365. We aim to relentlessly pursue evolving threats through proactive hunting, perform regular threat modeling, and lead cross-functional tabletops to focus on continuous learning and improvement; while providing crisis management capability with a focus of limiting the financial impact or blast radius of a security event. In order to support the company's incredible growth, we’re growing our incident response team. You will report to the Engineering Manager as part of the DART - CSIRT team.
As a Security Incident Response Engineer you will:
Lead the response to critical incidents, threats, vulnerabilities and bring these issues to resolution coordinating cross-functional teams.
Demonstrate strong composure (Incident Command) while running incidents with a balance of urgency and intensity, as well as focus.
Actively monitor, analyze and correlate activity, evaluate security events, perform research and provide in-depth incident analysis.
Improve and automate internal capabilities for identifying, investigating, and responding to security events.
Contribute to the creation and/or refinement of runbooks.
Lead and participate in IR tabletop exercise to validate existing processes and procedures and to document lessons learned.
Develop and adjust automations, scripts, and security tool configurations to drive efficiencies and enhance investigations.
Hunt for malicious activity and provide a feedback loop to signal development/threat intelligence.
Keep key stakeholders (both technical and non-technical) informed on details in a clear and concise manner, both written and verbally.
Create postmortem write-ups and lead postmortem discussions.
Be part of an on-call rotation.
Qualifications
2+ years of experience with incident response and forensics tools.
Strong security knowledge in at least one of the following domains: AWS, Google Cloud Platform, Linux, Windows, macOS.
Prior experience with malware analysis, host/network-based forensics, memory forensics, and/or network traffic analysis.
Prior experience using the MITRE ATT&CK framework to improve security incident detection and response.
Scripting experience (i.e. Ruby, Python, shell scripting) preferred.
Experience with open-source forensics tools like OSquery
Empathy, patience, a desire to learn, and help your teammates grow.
Excellent written and verbal communication skills, including the ability to communicate technical concepts clearly and effectively.
Ability to operate independently and in a team environment in a geographically dispersed team.
Additional Information
We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, without regard to race, color, religion, gender, national origin, age, disability, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.
We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we’re doing to build a workplace that is fair and square? Check out our I+D page.
Additionally, we consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.
Perks
We want you to be well and thrive. Our global benefits package includes:
- Healthcare coverage
- Retirement Plans
- Employee Stock Purchase Program
- Wellness perks
- Paid parental leave
- Paid time off
- Learning and Development resources
Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.