Security Engineer, Security

Stripe
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Tech stack

Training Data
API
Artificial Intelligence
Amazon Web Services (AWS)
Business Logic
Software System Penetration Testing
Azure
Big Data
Cloud Computing Security
Cloud Engineering
Computer Programming
Cursor (Graphical User Interface Elements)
Intrusion Detection and Prevention
Mobile Application Software
Python
Log Analysis
Open Source Technology
Open Web Application Security
Red Team (Cyber Security)
Web Application Security
Cloud Platform System
GitHub Copilot
Large Language Models
Cyber Threat Analysis
Stripe
PySpark
Machine Learning Operations
Splunk
Databricks

Job description

Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required Contribute to internal security tooling repositories and champion engineering best practices within the team Automate repetitive testing tasks, payload generation, and reporting workflows using modern

Requirements

development practices Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing share research internally and contribute to the broader security community 5+ years of experience in offensive security, penetration testing, red teaming, or a related field ~ Strong programming skills in Python, Go, or similar languages, with demonstrated experience building tools, automation, or custom exploits ~ Deep knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability classes (injection, auth flaws, business logic, etc.) ~ Hands-on experience with cloud platforms (AWS, Azure, or GCP), including cloud-native attack techniques and misconfigurations ~ Experience conducting offensive security in fintech, financial services, or other highly regulated environments Familiarity with big data and log analysis tools (Splunk, Databricks, PySpark, osquery, etc.) Claude Code, Cursor, GitHub Copilot) and experience applying them to offensive security workflows Experience testing AI/ML systems or LLM-based applications for security weaknesses (prompt injection, training data extraction, model manipulation, etc.) Contributions to open-source security tools, published research, blog posts, or conference presentations Relevant certifications such as OSCP, OSWE, OSEP, OSED, CRTO, CPTS, PNPT, GXPN, or cloud security certifications

About the company

Stripe is a financial infrastructure platform for businesses. Our mission is to increase the GDP of the internet, and we have a substantial amount of work ahead. The Proactive Threat team identifies vulnerabilities and security weaknesses across Stripe's systems, applications, networks, and cloud infrastructure - before adversaries do. We operate as a hybrid offensive function, conducting penetration testing, emulating real-world threat actors through red team operations, and partnering with defensive security teams to validate detection capabilities and improve Stripe's overall security posture. The team develops custom tooling, automation frameworks, and internal platforms that scale our offensive capabilities and enable repeatable, high-fidelity assessments. The team is distributed across the United States, primarily operating in Eastern and Pacific time zones, and collaborates with security, engineering, and product stakeholders across Stripe, including teams in Europe and Asia.

Apply for this position