Square is looking to hire a Security Engineer to assist with security,
audit, and compliance efforts within the organization. This person
will be called upon to help design and secure all areas of the
organization and product, including client and server applications,
system and network infrastructure, and policies and procedures. The
ideal candidate will be a security generalist, with as much interest
and experience building things as breaking them.

Responsibilities
* Design and build tools to implement security controls and monitor them
* Perform ongoing security testing and code reviews
* Act as internal security subject matter expert and evangelist
* Perform day-to-day audit and monitoring tasks as required

Required
* Strong understanding of web, application, and network security
* Programming experience in two or more of the following languages:
Ruby, Java, JavaScript, and C/Objective-C
* Operational experience deploying and monitoring secure systems
* Familiarity with security standards, including PCI-DSS, PA-DSS,
OWASP Top 10 and others
* Previous experience in a start-up environment a plus

To apply, contact mikeh [at] squareup [dot] com and submit, along with
your resume, a critique of the following code:

#!/usr/bin/env ruby
#
# This program encrypts and decrypts messages at the command line.
# It runs setuid root, so that it can be used by users without giving
# them access to the (root-owned) secret encryption key.
require 'openssl'

SECRET_KEY='/etc/secrypt.key'
OUTPUT_FILE='/tmp/secrypt.out'

cipher = OpenSSL::Cipher::Cipher.new('aes-256-ecb')

case ARGV.shift
when 'encrypt'
  cipher.encrypt
when 'decrypt'
  cipher.decrypt
else
  puts 'Usage:'
  puts '$0 [encrypt|decrypt] '
  exit 1
end

cipher.key=(File.read(SECRET_KEY))

input = File.open(ARGV.shift)
output = File.open(OUTPUT_FILE, 'w')

input.each_line do |l|
  output.write(cipher << l)
end