Security Engineer, Threat Detection

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the Team

The Threat Detection Team at Stripe represents a fusion of offensive and defensive cybersecurity expertise. We focus on both simulating real-world cyber attacks and developing resilient defenses. Our team, operating across US time zones, works closely with global stakeholders, ensuring our impact is broad and meaningful.

What You'll Do

As a Threat Detection Team Engineer, you'll play a dual role in both attacking and defending Stripe's digital assets. You will execute advanced adversary simulations, assess the resilience of our networks, systems, and applications, and use your findings to enhance our defensive strategies. Collaborating with internal teams and external partners, you will play a vital role in enhancing our offensive and defensive security posture and staying ahead of emerging threats. Your dedication to continuous improvement and alignment with organizational goals will contribute to the overall effectiveness of our detection team operations. Join us in our mission to safeguard our organization and stakeholders from evolving cyber risks.

Responsibilities

• Execute sophisticated adversary simulation exercises that mimic real-world attacks, focusing on high-performance computing and storage environments.
• Develop and maintain a comprehensive library of threat actor profiles and simulation scenarios to evaluate and improve security controls and incident response plans.
• Integrate findings from adversary simulations into security strategies, enhancing the organization's overall defensive posture.
• Document and effectively communicate the outcomes of simulation exercises to a broad audience, providing actionable insights and recommendations.
• Collaborate with cybersecurity and other cross-functional teams to refine security policies and procedures, fortifying defenses based on simulation feedback.
• Design, build, and use custom tools and scripts to automate and enrich adversary simulation activities, ensuring they remain cutting-edge and impactful.
• Stay informed about the latest cybersecurity trends and advancements, ensuring our adversary simulation practices are current and effective.
• Train and mentor cybersecurity team members in adversary simulation techniques and strategies, fostering a culture of continuous learning and skill enhancement.
• Work closely with software development teams, ensuring security measures are an integral part of the software development lifecycle.

Who You Are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum Requirements

• 5+ years of experience in cybersecurity, with demonstrated expertise in both offensive and defensive tactics.
• Bachelor's degree in Cybersecurity, Computer Science, or related field.
• Experience in conducting advanced penetration tests, adversary simulations, and vulnerability assessments.
• Deep understanding of the cyber threat landscape, including advanced attack vectors and countermeasures.
• Proficiency in using cybersecurity tools and technologies for attack simulation and defense, including custom tool and script development.

Preferred Qualifications

• Excellent communication skills, capable of effectively conveying complex security issues to diverse audiences.
• Experience collaborating with cross-functional teams and contributing to policy and procedure development.
• Familiarity with industry standards and regulations related to cybersecurity.
• A passion for continuous learning and staying updated on the latest cybersecurity developments.
• Join Stripe's Threat Detection Team to shape and protect the future of global financial infrastructure in an environment where your work is impactful and valued.