Security Engineer, Offensive Security
Remote, North America
StripeStripe is a suite of APIs powering online payment processing and commerce solutions for internet businesses of all sizes. Accept payments and scale faster.
Who we are
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
The team performs offensive security assessments and penetration testing to identify vulnerabilities and weaknesses in Stripe's systems, applications, and networks before they impact Stripe’s business or users. We partner with other Stripe teams to defend against external attacks and respond to security incidents. The team is distributed, working primarily in Eastern and Pacific time zones, and will regularly coordinate with stakeholders in Europe and Asia.
What you’ll do
Using your security expertise, you'll uncover security weaknesses within Stripe by simulating the tactics, techniques, and procedures (TTPs) of real-world adversaries. This will involve utilizing both threat intelligence and collected telemetry to emulate cyber and criminal threat actors who may target Stripe. Lastly, your analytic capabilities will be critical during security incidents to reduce uncertainty, uncover root causes, and inform future prevention and detection mechanisms.
- Conduct complex offensive security assessments across a variety of environments, including on-premise, cloud, and mobile applications.
- Develop scripts and tools to automate offensive security assessments.
- Provide technical expertise in areas such as network protocols, operating systems, and web application security.
- Work closely with other members of the Stripe security team to identify and mitigate security risks and vulnerabilities.
- Lead offensive security projects and mentor junior team members.
- Produce clear and concise reports testing plans, engagement models, findings, risks, and recommendations for remediation.
- Keep up-to-date with the latest security threats, vulnerabilities, and attack methods.
- Act as the subject-matter expert and primary contact for stakeholder teams invested in offensive security programs and Stripe-wide security initiatives.
- Collaborate effectively with teammates, leading projects, mentoring others, and developing and championing quality standards within the team.
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement
- 5+ years experience in offensive security or related field.
- B.S. or M.S. Computer Science or related field, or equivalent experience.
- Proven knowledge of web application security, including vulnerabilities such as OWASP Top10.
- Experience with cloud computing platforms such as AWS, Azure, or Google Cloud Platform.
- Knowledge of Python and SQL, and familiarity with other programming languages.
- Ability to analyze and interpret application logs to identify and investigate potential security incidents.
- Excellent written and verbal communication skills, including the ability to produce clear and concise reports.
- Ability to think creatively and holistically about identifying risk in a complex environment.
- Experience in conducting offensive security activities in the fintech or financial sectors.
- An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors.
- Experience partnering with threat intelligence and incident response teams to perform log analysis, digital forensics, and incident response investigations.
- Experience with engineering, data processing and analysis tools (e.g. Databricks, Trino, etc.).
- Familiarity with common open-source frameworks for big data processing and/or data science (PySpark, Pandas, Sci-kit Learn, etc.).
* Salary range is an estimate based on our salary survey 💰
Tags: Application security AWS Azure Big Data Cloud Computer Science FinTech Forensics GCP Incident response Log analysis Offensive security OWASP Pentesting Python Security assessment SQL Threat intelligence TTPs Vulnerabilities
More jobs like this
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Information Security Specialist jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Senior SOC Analyst jobs
- Open Staff Product Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open IT Security Engineer jobs
- Open IT Security Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Head of Information Security jobs
- Open Cyber Hunt SME jobs
- Open Security Consultant jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Staff Application Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Senior Security Operations Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Senior Security Analyst jobs
- Open Application security-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Vulnerability management-related jobs
- Open DevSecOps-related jobs
- Open Analytics-related jobs
- Open Java-related jobs
- Open IAM-related jobs
- Open CISM-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open Forensics-related jobs
- Open Malware-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs
- Open OWASP-related jobs