Threat Infrastructure Engineer

San Francisco, CA or Remote, North America

Applications have closed
Stripe logo
The new standard in online payments

Posted 1 month ago

As a platform company powering businesses all over the world, Stripe processes payments, runs marketplaces, detects fraud, helps entrepreneurs start an internet business from anywhere in the world. Stripe’s Threat Infrastructure Engineers build investigation platforms and tooling, ensure reliable data, alert and remediation pipelines and transform data from various sensors and applications used within security investigations.

At Stripe, we are building a security detection and response infrastructure using data science tooling and big data systems that will help us with scale while making onboarding and analysis of new data easy and transparent. Rather than traditional commercial tooling, you’ll help to drive codified processes, data analytics and automation for detection and response scale.  This is a unique challenge for a cyber professional interested in non-traditional security monitoring and response designed to function within a development operations framework.  You’ll maintain strong partnerships with threat detection for requirements on capabilities and other security teams to understand the interfaces to those systems useful for monitoring and response throughout Stripe. 

You will:

  • Understand data tooling available at Stripe and determine how to best leverage, modify, or fork them for use by security
  • Create libraries and tooling for the batch computation needs of threat detection
  • Maintain libraries that enable interaction with various internal and external data sources used for correlation of detection logic
  • Create a reliability layer for metrics related to the detection pipeline both for easy debugging and constant improvement of detection bottlenecks
  • Create observability tooling to help our users easily debug, understand, and tune their jobs 
  • Develop an orchestration system for automated triage and remediation based upon alert logic.
  • Create APIs to help detection and other teams access threat Intelligence and alerting data

You might be a fit for this role if you:

  • Have a strong engineering background and are interested in data. You’ll be writing production Python and Golang Code.
  • Have experience developing and maintaining distributed systems built with open source tools.
  • Have experience building libraries and tooling that provide beautiful abstractions to users
  • Have experience with tools such as Kafka, Flink, Airflow and various Notebook technology
  • 4+ years of relevant experience in Security
  • Experience as a consumer of data science tooling and infrastructure
  • Experience  security technologies including endpoint detection, network technologies,  AWS cloud services.
  • Strong understanding of the technical capabilities needed for an effective detection and response capability


  • Ability to drive concurrent projects and initiatives while managing operational responsibilities
  • An exemplary, user-focused communication style; emphasizing clarity, empathy and accuracy
  • Demonstrated success working remotely
  • Ability to deliver capabilities to teams in an iterative manner while building towards a larger vision
  • Demonstrated success overseeing internal tool development and automation at scale
  • Experience with collection of compliance artifacts, security incidents and risk awareness

Job tags: Analytics Automation AWS Big Data Open Source Python Threat detection Threat intelligence