Staff Application Security Engineer, M&A Security

Remote, North America

Applications have closed

Stripe

Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes. Accept payments, send payouts, and automate financial processes with a suite of APIs and no-code tools.

View company page

Staff Application Security Engineers leverage their technical knowledge and leadership skills to enable development teams to move quickly without compromising on security. We influence security through partnerships and our ability to leverage expert guidance across Stripe's product teams.

As part of our M&A strategy Stripe believes it’s critical to evaluate each company’s secure design decisions, systems architecture and coding practices. During evaluation, the M&A security team Identifies, assesses, mitigates, and reports on information security and design risks. Post acquisition, we partner with the acquired company’s engineering teams to help them develop a consistent security roadmap that aligns well with Stripe’s technology expectations. Stripe’s strategic investments support our broader mission of expanding the GDP of the internet. We’re looking for seasoned Application Security engineers with 5+ years of relevant M&A and security experience to come help build our M&A security team. 

Integrating an acquired company is hard, important work and is often the biggest determinant of whether an acquisition is ultimately successful.  Security remains one of Stripe’s priorities. We believe that in order to maintain the highest degree of security for our Users we must ensure all investments adopt our common technology stack and the security protections it affords. We are looking for someone to scale appsec as a practice for our acquired companies, ensuring they follow rigorous security standards in their products.

**With the M&A Security team you will:**

* Work with engineering teams to design solutions that are inherently secure
* Be a security subject matter expert and answer security questions
* Lead threat modeling discussions and enable teams to balance competing interests
* Lead security initiatives for companies that Stripe acquires
* Scale security effort by empowering engineering teams with guidance, patterns and training
* Develop a deep understanding of Stripe's code base and set standards for incoming ecosystems

**You may be additive to our team if:**

* You have low ego and a high degree of empathy
* You have strong communication skills, including developing and evangelizing written and technical or architectural documentation on an organizational level
* You have a breadth of applied knowledge within Application Security, specifically in the areas of Threat Modeling. and Security Review
* You have an ability to understand risk within a highly regulated, dynamic, and rapidly growing environment. Moreover, you're able to up-level the ability for your engineering partners to do the same
* You have played a critical role in implementing application security standards within the context of multiple mergers and acquisitions
* You think about web security as an architect, and know how to position a growing AppSec practice within a faster growing company
* You have a desire to scale security through simple design, abstraction and education

Tags: Application security Strategy

Region: Remote/Anywhere
Job stats:  26  5  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.