Staff Engineer, M&A Security
Staff Application Security Engineers leverage their technical knowledge and leadership skills to enable development teams to move quickly without compromising on security. We influence security through partnerships and our ability to leverage expert guidance across Stripe’s product teams.
As part of our M&A strategy Stripe believes it’s critical to evaluate each company’s secure design decisions, systems architecture and coding practices. During evaluation, the M&A security team Identifies, assesses, mitigates, and reports on information security and design risks. Post acquisition, we partner with the acquired company’s engineering teams to help them develop a consistent security roadmap that aligns well with Stripe’s technology expectations. Stripe’s strategic investments support our broader mission of expanding the GDP of the internet. We’re looking for seasoned Application Security engineers with 5+ years of relevant M&A and security experience to come help build our M&A security team.
Integrating an acquired company is hard, important work and is often the biggest determinant of whether an acquisition is ultimately successful. Security remains one of Stripe’s priorities. We believe that in order to maintain the highest degree of security for our Users we must ensure all investments adopt our common technology stack and the security protections it affords. We are looking for someone to scale appsec as a practice for our acquired companies, ensuring they follow rigorous security standards in their products.
With the M&A Security team you will:
- Work with engineering teams to design solutions that are inherently secure
- Be a security subject matter expert and answer security questions
- Lead threat modeling discussions and enable teams to balance competing interests
- Lead security initiatives for companies that Stripe acquires
- Scale security effort by empowering engineering teams with guidance, patterns and training
- Develop a deep understanding of Stripe’s code base and set standards for incoming ecosystems
You may be additive to our team if:
- You have low ego and a high degree of empathy
- You have strong communication skills, including developing and evangelizing written and technical or architectural documentation on an organizational level
- You have a breadth of applied knowledge within Application Security, specifically in the areas of Threat Modeling. and Security Review
- You have an ability to understand risk within a highly regulated, dynamic, and rapidly growing environment. Moreover, you’re able to up-level the ability for your engineering partners to do the same
- You have played a critical role in implementing application security standards within the context of multiple mergers and acquisitions
- You think about web security as an architect, and know how to position a growing AppSec practice within a faster growing company
- You have a desire to scale security through simple design, abstraction and education
At Stripe, we're looking for people with passion, grit, and integrity. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Stripe, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us.