Security Engineer, Security
Role details
Job location
Tech stack
Job description
Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required Contribute to internal security tooling repositories and champion engineering best practices within the team Automate repetitive testing tasks, payload generation, and reporting workflows using modern
Requirements
development practices Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing share research internally and contribute to the broader security community 5+ years of experience in offensive security, penetration testing, red teaming, or a related field ~ Strong programming skills in Python, Go, or similar languages, with demonstrated experience building tools, automation, or custom exploits ~ Deep knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability classes (injection, auth flaws, business logic, etc.) ~ Hands-on experience with cloud platforms (AWS, Azure, or GCP), including cloud-native attack techniques and misconfigurations ~ Experience conducting offensive security in fintech, financial services, or other highly regulated environments Familiarity with big data and log analysis tools (Splunk, Databricks, PySpark, osquery, etc.) Claude Code, Cursor, GitHub Copilot) and experience applying them to offensive security workflows Experience testing AI/ML systems or LLM-based applications for security weaknesses (prompt injection, training data extraction, model manipulation, etc.) Contributions to open-source security tools, published research, blog posts, or conference presentations Relevant certifications such as OSCP, OSWE, OSEP, OSED, CRTO, CPTS, PNPT, GXPN, or cloud security certifications