Square’s Information Security culture is focused on enabling our engineering teams build and ship products. We work to achieve this by designing, building, and deploying state of the art security features alongside our product teams.
Embedded Security Engineers specialize in the security concerns surrounding Square’s hardware products, including our readers and custom Android devices like Square Register. Embedded Security Engineers are involved in all areas of hardware development, from design through firmware development and from prototyping through production manufacturing. We are looking for smart, motivated engineers who want to build, refine, and occasionally break amazing things with us.
Design, implement, deploy, and maintain security architectures and countermeasures to protect and enable innovative new hardware products
Balance security, compliance, performance, power and cost for a diverse portfolio of embedded devices and the associated manufacturing and backend infrastructure
Evaluate the security of new product designs to determine vulnerability to a wide variety of attack vectors - and subsequently deploy countermeasures that defend against these attacks
Act as an internal security subject matter expert, advocating for better security practices throughout Square
Extensive knowledge of firmware and embedded operating system security principles
Strong understanding of cryptography, protocol design and analysis
Demonstrated experience with practical deployment of secure boot implementations, key management, and/or cryptographic architectures for extreme cost- and power-limited solutions
Professional software development experience in C, Ruby, Python, and/or Java
Experience taking a hardware product from concept to mass production
Prior project work involving hardware security modules and device provisioning infrastructure
Reverse-engineering and exploitation of embedded systems hardware, software, and protocols
Familiarity with physical anti-tamper mechanisms, side-channel attacks, and fault injection attacks
Experience with payment industry standards or other government and international security standards including those from FIPS, ISO, CC.