Insider Risk Security Engineer

Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

The Role

We are seeking a highly skilled Security Engineer to join our Insider Risk team. You will play a crucial role in detecting, analyzing, and mitigating threats that arise from within the organization. This includes collaborating with cross-functional teams to identify behavioral patterns, assess risks, and develop proactive strategies to protect our data, infrastructure, and employees. Your expertise will help safeguard our assets, while enabling a positive security culture that empowers our workforce.

You Will

• Develop, implement, and maintain insider threat detection mechanisms using advanced security tools (UEBA, SIEM, DLP)
• Architect and implement log aggregation pipelines and enterprise-wide insider risk solutions
• Automate detection and response workflows using scripts, threat intelligence, and internal logs
• Build systems and applications to automate detection and response workflows, leveraging threat intelligence data and internal logging sources
• Lead incident response efforts, forensic analysis, and continuous improvement of insider threat programs
• Monitor, analyze, and respond to insider risk alerts, including unauthorized access, data exfiltration, and privilege abuse
• Conduct investigations, post-incident reviews, and recommend remediation actions
• Perform insider risk assessments, including social engineering and penetration testing
• Analyze complex datasets, develop detection rules, and improve risk mitigation strategies
• Design and enforce security policies to minimize insider risk while ensuring compliance
• Collaborate with HR, Legal, and IT to align insider threat management with policies and regulations

You Have

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field (or equivalent work experience).
• 5+ years of experience in security engineering, cybersecurity, or related roles, with a focus on insider threat or threat detection.
• Previous experience in an insider threat program, SOC, or similar security-focused environment is highly desirable.
• Proficiency in insider threat detection tools and technologies, such as UEBA, SIEM, DLP solutions, and behavioral analytics platforms.
• Strong knowledge of scripting languages like Python, PowerShell, or Bash for automation and custom tool development.
• Strong written and verbal communication skills to articulate security concepts to technical and non-technical stakeholders.
• Ability to manage multiple priorities in a dynamic and fast-paced environment.

We're working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is an equal opportunity employer evaluating all employees and job applicants without regard to identity or any legally protected class. We also consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we're doing to build a workplace that is fair and square? Check out our I+D page. Block will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances.