Internal Audit Technology, Security Engineer
US, USA (Remote)
Stripe
Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes. Accept payments, send payouts, and automate financial processes with a suite of APIs and no-code tools.
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
Stripe builds the most powerful and flexible tools for running an internet business. We handle hundreds of billions of dollars each year and enable millions of users around the world to scale faster and more efficiently by building their businesses on Stripe. To further this important mission, Stripe is building a world class Internal Audit (IA) team. Our mission is to make the business better as it grows. We are consumed with the goal of being agile with the business, powered by technology and providing pragmatic, industry leading assurance and insights.
Our IA team is responsible for providing objective assurance on the design and operational effectiveness of Stripe’s products and processes, its compliance with laws and regulations, its risk management framework and other governance processes. We also lead as an advisory partner in areas such as targeted analyses, systems design assessments, cyber security, model evaluations, self-serve monitoring dashboards, and policy reviews. We’re looking for a talented, growth-minded security engineer with technology risk, compliance and audit experience who will help us execute a global audit program.
This position is open to remote applicants globally.
What you’ll do
Responsibilities
- Serve as IA’s technical resource on technology and security related matters across IA projects
- Provide inputs to a risk-based audit plan, specifically for security and compliance related risks
- Plan and execute audits, consulting engagements, and other influencing activities of infrastructure technologies, security, supporting operations, and processes
- Support the evaluation of security risks and related controls, with a particular focus on IaaS and SaaS
- Provide insights on network security best practices, software supply chain vulnerabilities and implementation/enforcement of the compensating controls
- Develop, collect and mature security metrics for point in time and continuous auditing
- Manage co-sourced service providers while executing IA projects
- Liaise with external auditors and regulators in connection with technology audit work
- Work with key partners within the engineering, security and compliance teams to leverage efficiencies and avoid duplication of activities
- Help communicate security risks to different audiences ranging from leadership to engineers
- Secure management action plans for remediation and monitor remediation progress and timeliness
- Invest in understanding the business to better identify areas of need and opportunities to advise
- Research and stay current on new technologies, emerging trends and best practices
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- 6+ years of security engineering experience, with background in conducting assessments and audits
- Excellent understanding of public cloud infrastructure and architecture (AWS, Azure, GCP) and associated security concepts and challenges
- Expertise in assessing technology and security controls with a working knowledge of regulatory compliance
- Strong understanding of technology risks and general concepts related to information security
- Ability to apply critical thinking and analysis, and exercise professional judgment
- Ability to discuss complex issues with any level of management and influence perspectives
- Ability to perform technical security assessments, code and design reviews
- Strong written and verbal communication skills
- Knowledge of external leading risk and controls frameworks such as NIST Cybersecurity, ISO27000, ISO27001, ISO27002, and IT related internal controls
- Bachelor's degree in computer science, a related technical field such as computer networking, information security, or equivalent practical experience
Preferred qualifications
- Experience with security penetration testing for target devices
- Experience working in two or more of the following: network protocols and secure network design, OS internals and hardening, web application and browser security, security assessments and engagement testing, authentication and access control, applied cryptography and security protocols, security monitoring and intrusion detection, and incident response and forensics
- Coding experience in one or more general purpose languages
- Experience with "table-top"/red-team/scenario analysis exercises, and the ability to recommend the resolution of any identified vulnerabilities/issues
- Certification from a CSP (AWS and/or Azure) highly desirable
- Experience working in a start-up / high-growth or platform company
Perks/benefits: Career development Flex hours Startup environment Team events