Security Engineer, Offensive Security

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions
of companies—from the world’s largest enterprises to the most ambitious
startups—use Stripe to accept payments, grow their revenue, and
accelerate new business opportunities. Our mission is to increase the
GDP of the internet, and we have a staggering amount of work ahead. That
means you have an unprecedented opportunity to put the global economy
within everyone’s reach while doing the most important work of your
career.

About the team

The team performs offensive security assessments and penetration testing
to identify vulnerabilities and weaknesses in Stripe's systems,
applications, and networks before they impact Stripe’s business or
users. We partner with other Stripe teams to defend against external
attacks and respond to security incidents. The team is distributed,
working primarily in Eastern and Pacific time zones, and will regularly
coordinate with stakeholders in Europe and Asia.

What you’ll do

Using your security expertise, you'll uncover security weaknesses
within Stripe by simulating the tactics, techniques, and procedures
(TTPs) of real-world adversaries. This will involve utilizing both
threat intelligence and collected telemetry to emulate cyber and
criminal threat actors who may target Stripe.  Lastly, your analytic
capabilities will be critical during security incidents to reduce
uncertainty, uncover root causes, and inform future prevention and
detection mechanisms. 

Responsibilities

  • Conduct complex offensive security assessments across a variety of
    environments, including on-premise, cloud, and mobile applications. 
  • Develop scripts and tools to automate offensive security assessments.
  • Provide technical expertise in areas such as network protocols,
    operating systems, and web application security. 
  • Work closely with other members of the Stripe security team to
    identify and mitigate security risks and vulnerabilities. 
  • Lead offensive security projects and mentor junior team members. 
  • Produce clear and concise reports testing plans, engagement models,
    findings, risks, and recommendations for remediation.
  • Keep up-to-date with the latest security threats, vulnerabilities, and
    attack methods. 
  • Act as the subject-matter expert and primary contact for stakeholder
    teams invested in offensive security programs and Stripe-wide security
    initiatives.
  • Collaborate effectively with teammates, leading projects, mentoring
    others, and developing and championing quality standards within the
    team.

Who you are

We’re looking for someone who meets the minimum requirements to be
considered for the role. If you meet these requirements, you are
encouraged to apply. The preferred qualifications are a bonus, not a
requirement

Minimum requirements

  • 5+ years experience in offensive security or related field.
  • B.S. or M.S. Computer Science or related field, or equivalent
    experience.
  • Proven knowledge of web application security, including
    vulnerabilities such as OWASP Top10.
  • Experience with cloud computing platforms such as AWS, Azure, or
    Google Cloud Platform.
  • Knowledge of Python and SQL, and familiarity with other programming
    languages.
  • Ability to analyze and interpret application logs to identify and
    investigate potential security incidents.
  • Excellent written and verbal communication skills, including the
    ability to produce clear and concise reports.
  • Ability to think creatively and holistically about identifying risk in
    a complex environment.

Preferred qualifications

  • Experience in conducting offensive security activities in the fintech
    or financial sectors.
  • An adversarial mindset, understanding the goals, behaviors, and TTPs
    of threat actors.
  • Experience partnering with threat intelligence and incident response
    teams to perform log analysis, digital forensics, and incident
    response investigations.
  • Experience with engineering, data processing and analysis tools (e.g.
    Databricks, Trino, etc.).
  • Familiarity with common open-source frameworks for big data processing
    and/or data science (PySpark, Pandas, Sci-kit Learn, etc.).

Pay and benefits

The annual US base salary range for this role is $161,900 - $219,100. For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location. Applicants interested in this role and who are not located in the US may request the annual salary range for their location during the interview process.

Additional benefits for this role may include: equity, company bonus or sales commissions/bonuses; 401(k) plan; medical, dental, and vision benefits; and wellness stipends.

Remote locations

Remote in United States, or Canada

Team

Security

Job type

Full time

We look forward to hearing from you

At Stripe, we're looking for people with passion, grit, and integrity. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Stripe, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us.