Security Engineer, Mobile and Device Security

Mobile Security Engineers use security and development knowledge to help teams to move quickly without compromising on security.

Stripe powers businesses all over the world. We process payments, run marketplaces, detect fraud, help entrepreneurs start a business from anywhere in the world, build world-class developer-friendly APIs, physical payment gateways and more. Nearly every system we operate interacts with sensitive financial or personal data — making security a top priority for Stripe.

Our Insight & Assessment team works to assess our security posture, guide risk management and provide implementation-time guard-rails. This involves programmatic detection of common security issues in our software as well as embedded hardware. Through dynamic testing and applying novel attack strategies we are pushing our technologies to their limits to keep our customers and their data safe.

You will:

• Develop techniques and frameworks that will enable other engineering teams to mitigate bugs before they reach production
• Be a security subject matter expert and partner closely with the Stripe Terminal (Point of Sale) team as well as the broader technical organization
• Balance security risk and product advancement, and enable those you work with to do the same
• Perform code review and penetration testing of mobile apps and embedded devices
• Develop credible threat models accompanied by robust documentation that our engineers can apply in real time
• Respond to incidents when a security event occurs
• Proactively research new attack vectors and adapt our security methodology as we scale

You may be additive to our team if you:

• Have helped design and implement mitigations for common classes of bugs in networks, software and firmware
• Have 5 or more years of experience with offensive security engineering for web connected devices
• Take delight in solving hard problems, and helping others do the same in an environment of increasing pace and scale
• Think like a hacker in both a conventional and future sense without shedding empathy
• Enjoy collaborating with and steering the technical understanding of large organizations
• Have high standards for security and a constructive attitude