• Conduct investigations of suspected cases of fraud or other illegal activities against the Company • Evaluate information to determine credibility • Refer and coordinate investigation assignments to outside agencies • Provide training and support to all departments in the claims handling process

• Threat model new product features and integrations and harden systems with effective controls. • Operate and evolve the application security toolchain (SAST, dependency and supply-chain checks, secrets scanning) and keep it high-signal for developers. • Own day-to-day security operations across the detection stack (EDR, SIEM, on-chain monitoring, identity, cloud): triage what fires, resolve what matters, and reduce noise. • Triage vulnerability and bug-bounty findings by real exposure, drive remediation, and support incident response end to end. • Take security tooling and projects from evaluation through org-wide rollout, collaborating across engineering, infra and other teams. • Automate repetitive, judgment-light security work with AI: vulnerability and AppSec workflows, access reviews, SOC 2 and audit evidence collection, vendor due diligence, and recurring reporting. • Build reusable AI components, Claude skills, and agents that engineering and other functions can adopt.

• Serve as a subject matter expert in security • Facilitate Cybersecurity offerings and focus on CMMC Compliance • Provide security direction and expertise to business and project stakeholders • Perform security risk assessments • Document Customers’ Systems and act as liaison between ComTec and Cybersecurity Vendors • Monitor assigned tickets and tasks • Develop tasks & milestones for security projects

Role Description The Security Engineering & Operations team (SecEngOps) within Infrastructure Security helps other teams across InfoSec, Compliance, and Partner Product teams to protect Block systems, users & customers. This includes: - Encouraging employees to behave securely - Identifying security threats - Responding to incidents As Block grows and expands, cyber security will play an increasingly important role in preventing disruption and protecting our reputation. The team is composed of software engineers focused on: - Designing, implementing, and maintaining software and services - Monitoring and improving operational posture - SLA / SLO for uptime, service reliability, performance, and deployment automation You will: - Design and build scalable, cloud-native security data pipelines and detection systems using SIEM platforms, event-driven architectures, and large-scale log processing - Collaborate with the team to strengthen our security posture through detection engineering reviews, threat scenario design, and contributing to Kubernetes and cloud-native security controls - Participate in our on-call rotation to ensure rapid response and continuous protection for our platform and customers Qualifications - 5+ years of industry experience as a programmer, developer, SWE, or similar job roles - A strong interest in security and growing your career in the direction of InfoSec (prior experience in InfoSec not required) - Comfortable working with outside teams to address problems and determine priorities - Experience using cloud-native technologies for data processing - Experience working in or with SRE or security detection and response teams Technologies We Use and Teach - Google Cloud Platform products such as Pub/Sub, Dataflow, BigQuery, Cloud Functions, and Google Kubernetes Engine - Amazon Web Services products such as Cloudtrail, Simple Queue Service, Simple Notification Service, and Lambda - Programming Languages: Ruby, Go, Java Benefits - Remote work - Medical insurance - Flexible time off - Retirement savings plans - Modern family planning Application Guidelines - Candidates may submit up to 9 active applications within a 60-day period - Reapplications to the same role are accepted 90 days after a previous application has been reviewed Use of AI in Our Hiring Process We may use automated AI tools to evaluate job applications for efficiency and consistency. These tools comply with local regulations, including bias audits, and we handle all personal data in accordance with state and local privacy laws.