About Cash Security
At Cash, security is everyone’s responsibility, especially among engineering disciplines. Cash Security is a multidisciplinary team, closely aligned to the needs of the business. The team is composed of multiple engineering and governance teams, each specializing and collaboratively solving the security, privacy and governance needs alongside their partner organizations.
About Product Security Engineering
The Product Security engineering team focuses on protecting Cash App’s customer data throughout the product engineering’s technology stacks. We are a hands-on, engineering-driven security team, which aligns security engineers toward product teams, across the entire Cash App organization. We continually raise the overall trust of Cash App’s products by building high leverage security abstractions into the technology stacks our partners utilize. We collaborate on building these security infrastructures, design patterns, and guidelines. We accomplish our goals by treating security engineering as a discipline, offering our expertise to technical and non-technical stakeholders. We secondarily abstract bespoke security solutions into reusable infrastructure, sharing our learnings, best practices, and solutions across the organization.
Our mission is to empower Cash engineers to protect our customers’ data in every aspect of the product and data life cycle; by providing reusable primitives and scalable platforms.
As a Product Security Engineer, you’ll work within the product engineering organization to:
Work with product teams to threat-model Cash App features and identify vulnerabilities.Design, build, and own the security & privacy mechanisms and features which support product engineering teams and customer operations.Drive the direction of the organization by productionizing common security patterns and working toward our security roadmap.Design, apply, and develop security primitives to protect data.Identify and remedy potential security risks to our customers' data.Partner with product teams to implement relevant regulatory data privacy considerations.Help the engineers around you level-up on their own security reasoning and knowledge.Examples of our previous work include:
CashApp’s open source mobile client security SDK [GitHub]General purpose multi-party authorization frameworkContext aware audit logging functionalityDrive the adoption of policy as code Cash’s Field Level Encryption (FLE) framework [Blog]