Security Engineer, Scaled Assessment
Remote, North America
Stripe
Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes. Accept payments, send payouts, and automate financial processes with a suite of APIs and no-code tools.Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
Application security engineers use security and development knowledge to help teams to move quickly without compromising on security.
Stripe powers businesses all over the world. We process payments, run marketplaces, detect fraud, help entrepreneurs start a business from anywhere in the world, build world-class developer-friendly APIs, and more. Nearly every system we operate interacts with sensitive financial or personal data — making security a top priority for Stripe.
What you’ll do
Our Scaled Assessment team works to measure our security posture, guide risk management and provide implementation-time guard-rails. This involves programmatic detection of common security issues, providing insight to help reason about known risks, performing deep-dive code reviews on key components, and developing security guard-rails to help prevent engineers from unintentionally impacting security.
Responsibilities
- Work with our code
- Be a security subject matter expert and answer security questions
- Deploy vulnerability management tools across CI/CD, compute, and container infrastructure to detect vulnerabilities and security misconfigurations.
- Scale proactive security controls for new products and new environments (e.g. acquisitions).
- Develop techniques to ensure teams find flaws before they are introduced into production
- Design and implement automated and integrated security testing at scale.
- Profile just-in-time code review of security-sensitive code
- Evaluate the security posture of existing applications with pentests, code review, and scoping special engagement
- Promote critical issues and bug bounty reports into incidents, help fix, and specify long-term remediation work
- Lead security initiatives
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- A deep understanding of the web's security model
- An ability to correctly prioritize the best opportunities to reduce risk
- The ability to think like an attacker but maintain empathy for developers. And can express strong opinions while staying humble
- Software engineering experience in a production environment across multiple programming languages
- Ability to ignore industry norms when solving a problem
- Has designed or implemented mitigations for common bug classes
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security CI/CD Risk management Vulnerabilities Vulnerability management
Perks/benefits: Career development Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs