Internal Audit Technology, Security Engineer

US, USA (Remote)

Applications have closed

Stripe

Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes. Accept payments, send payouts, and automate financial processes with a suite of APIs and no-code tools.


Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

Stripe builds the most powerful and flexible tools for running an internet business. We handle hundreds of billions of dollars each year and enable millions of users around the world to scale faster and more efficiently by building their businesses on Stripe. To further this important mission, Stripe is building a world-class Internal Audit (IA) team. Our mission is to make the business better as it grows. We are consumed with the goal of being agile with the business, powered by technology, and providing pragmatic, industry-leading assurance and insights.

Our IA team is responsible for providing objective assurance on the design and operational effectiveness of Stripe’s products and processes, its compliance with laws and regulations, its risk management framework and other governance processes. We also lead as an advisory partner in areas such as targeted analyses, systems design assessments, cyber security, model evaluations, self-serve monitoring dashboards, and policy reviews. We’re looking for a talented, growth-minded security engineer with technology risk, compliance and audit experience who will help us execute a global audit program. 

This position is open to remote applicants globally. 

What you’ll do

Responsibilities

  • Serve as IA’s technical resource on technology and security related matters across IA projects
  • Provide inputs to a risk-based audit plan, specifically for security and compliance related risks
  • Plan and execute audits, consulting engagements, and other influencing activities of infrastructure technologies, security, supporting operations, and processes
  • Support the evaluation of security risks and related controls, with a particular focus on IaaS and SaaS
  • Provide insights on network security best practices, software supply chain vulnerabilities and implementation/enforcement of the compensating controls
  • Develop, collect and mature security metrics for point in time and continuous auditing
  • Manage co-sourced service providers while executing IA projects
  • Liaise with external auditors and regulators in connection with technology audit work
  • Work with key partners within the engineering, security and compliance teams to leverage efficiencies and avoid duplication of activities
  • Help communicate security risks to different audiences ranging from leadership to engineers
  • Secure management action plans for remediation and monitor remediation progress and timeliness
  • Invest in understanding the business to better identify areas of need and opportunities to advise
  • Research and stay current on new technologies, emerging trends and best practices

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

  • 6+ years of security engineering experience, with background in conducting assessments and audits
  • Excellent understanding of public cloud infrastructure and architecture (AWS, Azure, GCP) and associated security concepts and challenges
  • Expertise in assessing technology and security controls with a working knowledge of regulatory compliance
  • Strong understanding of technology risks and general concepts related to information security
  • Ability to apply critical thinking and analysis, and exercise professional judgment
  • Ability to discuss complex issues with any level of management and influence perspectives
  • Ability to perform technical security assessments, code and design reviews
  • Strong written and verbal communication skills
  • Knowledge of external leading risk and controls frameworks such as NIST Cybersecurity, ISO27000, ISO27001, ISO27002, and IT related internal controls
  • Bachelor's degree in computer science, a related technical field such as computer networking, information security, or equivalent practical experience

Preferred qualifications

  • Experience with security penetration testing for target devices
  • Experience working in two or more of the following: network protocols and secure network design, OS internals and hardening, web application and browser security, security assessments and engagement testing, authentication and access control, applied cryptography and security protocols, security monitoring and intrusion detection, and incident response and forensics
  • Coding experience in one or more general purpose languages
  • Experience with "table-top"/red-team/scenario analysis exercises, and the ability to recommend resolutions for any identified vulnerabilities/issues
  • Certification with any CSP (AWS and/or Azure) is highly desirable
  • Experience working in a start-up, high-growth, or platform company

 


Tags: Agile Audits AWS Azure Cloud Compliance Computer Science Cryptography Forensics GCP Governance IaaS Incident response Intrusion detection ISO 27000 ISO 27001 Monitoring Network security NIST Pentesting Risk management SaaS Security assessment Vulnerabilities

Perks/benefits: Career development Flex hours Startup environment Team events

Regions: Remote/Anywhere North America
Country: United States
