Senior Security Engineer, Platform Security

About The Position

Requirements

• 5+ years of experience as a software or security engineer
• 4+ years of experience securing infrastructure running on AWS and/or GCP at scale.
• Deep experience with Infrastructure-as-Code. Terraform (including securing Terraform pipelines), SCPs, GCP org policies, and understanding of best practices and pitfalls when deploying guardrails at organizational scale.
• Experience with cloud security posture management (CSPM) tools such as Wiz, and familiarity with DSPM concepts (sensitive data discovery, classification, and remediation).
• Strong understanding of IAM. AWS IAM policies, roles, SCPs, permission boundaries; GCP IAM, service accounts, and org-level constraints.
• Experience maturing the cloud security posture of large, complex, multi-account/multi-project environments.
• Demonstrated ability to successfully deliver complex, multi-faceted projects from concept to launch.
• Demonstrated fluency with AI-assisted development tools (e.g., Claude Code, Cursor, GitHub Copilot, or similar agentic coding tools) in real production work

Nice To Haves

• Experience with Kubernetes security (pod security policies, network policies) in environments like EKS or GKE.
• Familiarity with BI and data exploration tools like Looker and Snowflake for building security metrics and dashboards.
• Experience building or operating security exception/risk acceptance workflows at scale.
• Familiarity with cloud networking and network segmentation strategies.
• Ability to work well cross-functionally and communicate with audiences who may not have a security or engineering background.
• Experience supporting multi-business-unit organizations with varying compliance and regulatory requirements.

Responsibilities

• Architect and evolve cloud security guardrails. Design and implement SCPs, GCP org policies, and IAM controls that shape how Block uses cloud infrastructure for years to come.
• Build automation to discover, measure, and contextualize security issues. Develop integrations with CSPM/DSPM tools and internal platforms to surface and prioritize findings.
• Own the cloud security exception lifecycle. Build and maintain the tooling and processes that allow teams to request, review, and track security exceptions at scale
• Partner with platform teams to deliver solutions that permanently eliminate entire categories of cloud security risk.
• Deliver key cloud security assurance functions. Balance the need to remediate critical misconfigurations and sensitive data exposures with being responsible stewards of our developers' time.
• Develop risk-based prioritization. Build data pipelines and dashboards that aggregate security signals and help leadership understand posture trends.
• Respond to and triage cloud security alerts. Support on-call rotations, investigate findings, and help engineers resolve issues quickly.
• Produce quality software that stands the test of time and scales across Block's multi-cloud footprint.
• Think, build and iterate in an AI-augmented environment.

Benefits

• Remote work
• medical insurance
• flexible time off
• retirement savings plans
• modern family planning