Application Security Engineer San Francisco
Help secure Stripe, our users, and the internet.
Stripe’s Application Security team is responsible for both finding bugs in our public facing applications, and designing and building mitigations for broad classes of bugs. We use and work on state of the art tools, maintain the infrastructure that supports our efforts, and empower Product Engineering (who focus on anything from core payments APIs, to powerful dashboards, to mobile apps and consumer-facing products) to move to move quickly without compromising on safety. Because of the nature of Stripe’s product, nearly every system we operate needs to interact with sensitive financial and personal data, making the security team an extremely dynamic environment to join.
- Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production
- Operate as a security subject matter expert for any internal engineering security matters
- Work with other teams to help architect solutions that are inherently secure
- Correctly balance security risk and product advancement
- Perform penetration testing on our internal and external applications
- Threat model existing applications
- Perform reactive incident response when a security event occurs
- Perform proactive research to detect new attack vectors
Our ideal candidate:
- Has designed and implemented mitigations for common classes of bugs in a popular web framework before
- Has software engineering experience in production environment
- Has Bachelor’s degree in Computer Science or related field
- Has a deep understanding of the web’s architecture
- Has a knack for finding flaws in software and can efficiently communicate how to fix them
- Is a strong communicator and is accustomed to working closely with a product team
- Can think about problems from an out-of-the box perspective, doesn’t always default to industry norms
- Can think like an attacker and use that context to develop threat models
What’s it like to work at Stripe?
Stripe is, at its heart, an engineering company. To provide a missing pillar of core internet infrastructure, we hire people with a broad set of technical skills (and from a wide variety of backgrounds) who are ready to take on some of the most challenging problems in the industry – from reliably handling 100M API requests per day, to building adaptive machine learning as a result of years of data science and infrastructure work, and enabling entrepreneurs worldwide to start a global internet business.
We encourage all engineers to transition teams once every year and a half and also take on short-term projects with other teams across Stripe. This enables engineers to learn how different parts of Stripe work while also establishing stronger ties and cross-pollination between groups.
We contribute to existing open-source projects and the people working on them, and we release several tools as open-source.
We want to work in a company of warm, inclusive people who treat their colleagues exceptionally well. The kind of people who are committed to going out of their way to help other Stripes in the short-term and pushing them to improve over the long-term (by helping them to get better at what they do).
We’re a highly cross-functional organization and view that as part of the fun: we design our space to encourage as much collaboration as possible. We have long tables in the kitchen for a reason (to enable everyone to meet new people and learn from them). We also have a culture of transparency that we carry through to email communication, ensuring that Stripes all around the world have the information they need to make good local decisions.#LI-CW1
We look forward to hearing from you.