Security Engineer, Scaled Assessment
Remote, North America
StripeDie Abwicklung von Online-Zahlungen für Internetunternehmen. Stripe ist eine Kombination aus Zahlungs-APIs, die den Handel für Online-Unternehmen aller Größen ermöglicht und ebenfalls Betrug vorbeugt und das Verwalten von Abonnements möglich...
Who we are
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
Application security engineers use security and development knowledge to help teams to move quickly without compromising on security.
Stripe powers businesses all over the world. We process payments, run marketplaces, detect fraud, help entrepreneurs start a business from anywhere in the world, build world-class developer-friendly APIs, and more. Nearly every system we operate interacts with sensitive financial or personal data — making security a top priority for Stripe.
What you’ll do
Our Scaled Assessment team works to measure our security posture, guide risk management and provide implementation-time guard-rails. This involves programmatic detection of common security issues, providing insight to help reason about known risks, performing deep-dive code reviews on key components, and developing security guard-rails to help prevent engineers from unintentionally impacting security.
- Work with our code
- Be a security subject matter expert and answer security questions
- Deploy vulnerability management tools across CI/CD, compute, and container infrastructure to detect vulnerabilities and security misconfigurations.
- Scale proactive security controls for new products and new environments (e.g. acquisitions).
- Develop techniques to ensure teams find flaws before they are introduced into production
- Design and implement automated and integrated security testing at scale.
- Profile just-in-time code review of security-sensitive code
- Evaluate the security posture of existing applications with pentests, code review, and scoping special engagement
- Promote critical issues and bug bounty reports into incidents, help fix, and specify long-term remediation work
- Lead security initiatives
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
- A deep understanding of the web's security model
- An ability to correctly prioritize the best opportunities to reduce risk
- The ability to think like an attacker but maintain empathy for developers. And can express strong opinions while staying humble
- Software engineering experience in a production environment across multiple programming languages
- Ability to ignore industry norms when solving a problem
- Has designed or implemented mitigations for common bug classes
Other jobs like this
Career development Conferences Salary bonus Signing bonus Startup environment
Senior Applications Security EngineerApplication security Automation Code analysis DAST Governance Java Linux Penetration testing Product security Python +4
Career development Competitive pay Equity Health care Parental leave +3
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Application Security Engineer/Architect jobs
- Open Lead Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Cybersecurity Engineer jobs
- Open Head of Information Security jobs
- Open Staff Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Operations Engineer jobs
- Open Offensive Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Senior DevSecOps Engineer jobs
- Open SOC Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Officer 3 jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Cloud Security Operations Lead jobs
- Open Cloud Security Automation Specialist jobs
- Open Information Security Officer jobs
- Open Security Researcher jobs
- Open Security Officer 2 jobs
- Open Senior Cyber Security Infrastructure Architect jobs
- Open Analytics-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Audits-related jobs
- Open PCI-related jobs
- Open Threat intelligence-related jobs
- Open Clearance-related jobs
- Open OWASP-related jobs
- Open Agile-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open Ruby-related jobs
- Open CISM-related jobs
- Open Open Source-related jobs
- Open Security assessments-related jobs
- Open Encryption-related jobs
- Open Splunk-related jobs
- Open CISA-related jobs
- Open DevSecOps-related jobs
- Open GDPR-related jobs
- Open ISO 27001-related jobs
- Open Docker-related jobs
- Open Governance-related jobs
- Open Threat detection-related jobs