Staff Engineer, Product Security

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within

About the team

Staff Application Security Engineers leverage their technical knowledge and leadership skills to enable development teams to move quickly without compromising on security. We influence security through partnerships and our ability to leverage expert guidance across Stripe's product teams.

Stripe powers businesses all over the world. We process payments, run marketplaces, detect fraud, help entrepreneurs start a business from anywhere in the world, build world-class developer-friendly APIs, and more. Nearly every system we operate interacts with sensitive financial or personal data — making security a top priority for Stripe.

Our Product Security Partnerships team secure-by-design initiatives and deep product partnership. We build strong relationships with other teams and enable them to build secure software. This includes reviewing early-stage designs, developing threat models, scaling impact by curating security patterns, guidance, training; and championing security initiatives.

Some examples of the teams and critical initiatives you might be involved in partnering with

• Link, Stripe’s first consumer focused product providing a B2C option at global scale
• Better building blocks to accept payments, move funds, and exchange between fiat and crypto
• Stripes Core Products ranging from connect, subscriptions, checkout, and more.

What you’ll do

Responsibilities

• Work with engineering and product teams to design solutions that are inherently secure
• Be a security subject matter expert and answer security questions
• Lead threat modeling discussions and enable teams to balance competing interests
• Scale security effort by empowering engineering teams with guidance, patterns and training
• Develop a deep understanding of Stripe's code base and set standards for future development

Who you are

We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. 

Minimum requirements

• You have low ego and a high degree of empathy
• You have strong communication skills, including developing and evangelizing written and technical or architectural documentation on an organizational level
• You have a breadth of applied knowledge within Application Security, specifically in the areas of Threat Modeling and Security Review
• You have an ability to understand risk within a highly regulated, dynamic, and rapidly growing environment. Moreover, you're able to up-level the ability for your engineering partners to do the same
• You have built training or champion programs for web scale technology companies from inception through execution, and know how to drive ROI from such initiatives
• You think about web security as an architect, and know how to position a growing AppSec practice within a faster growing company
• You have a desire to scale security through simple design, abstraction and education