Application Security, Insight and Assessment
Application security engineers use security and development knowledge to help teams to move quickly without compromising on security.
Stripe powers businesses all over the world. We process payments, run marketplaces, detect fraud, help entrepreneurs start a business from anywhere in the world, build world-class developer-friendly APIs, and more. Nearly every system we operate interacts with sensitive financial or personal data — making security a top priority for Stripe.
We work throughout the entire software development lifecycle but split focus across two sub-teams: Design & Partnership; and Insight & Assessment.
Our Insight & Assessment team works to measure our security posture, guide risk management and provide implementation-time guard-rails. This involves programmatic detection of common security issues, providing insight to help reason about known risks, performing deep-dive code reviews on key components, and developing security guard rails to help prevent engineers from unintentionally impacting security.
With the Insight & Assessment team you will:
- Work with our code
- Be a security subject matter expert and answer security questions
- Develop techniques to ensure teams find flaws before they are introduced into production
- Perform just-in-time code review of security-sensitive code
- Evaluate the security posture of existing applications with pentests, code review, and scoping special engagement
- Promote critical issues and bug bounty reports into incidents, help fix, and specify long-term remediation work
- Lead security initiatives
We’re looking for someone who has:
- A deep understanding of the web’s security model
- An ability to correctly prioritize the best opportunities to reduce risk
- The ability to think like an attacker but maintain empathy for developers. And can express strong opinions while staying humble
- Software engineering experience in a production environment across multiple programming languages
- Ability to ignore industry norms when solving a problem
- Has designed or implemented mitigations for common bug classes
At Stripe, we're looking for people with passion, grit, and integrity. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Stripe, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us.