Security Engineer M/F

Stripe
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Tech stack

Microsoft Windows
Artificial Intelligence
Amazon Web Services (AWS)
Apple Mac Systems
Azure
Big Data
Cloud Computing
Computer Security
Computer Programming
Cursor (Graphical User Interface Elements)
Query Languages
Linux
Programming Tools
Intrusion Detection and Prevention
Python
Log Analysis
Open Source Technology
Red Team (Cyber Security)
Kusto Query Language
Reverse Engineering
Security Information and Event Management
SQL Databases
GitHub Copilot
Large Language Models
Mitre Att&ck
Malware
Cyber Threat Analysis
PySpark
Cybercrime
Microsoft Sentinel
Purple Team (Cyber Security)
Splunk
Data Pipelines
Databricks

Job description

endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment Lead projects, mentor teammates, and champion quality standards within the team 5+ years of experience in detection engineering, threat hunting, or security operations ~ Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel) ~ Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS) ~ Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources ~ Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L

Requirements

SQL) and programming (Python or similar) ~ Background in malware analysis, reverse engineering, or threat research Experience with purple team operations - collaborating with offensive security to validate detections Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations) Contributions to open-source detection content, research, or conference presentations Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM Linux, SIEM, Malware Analysis, Reverse Engineering, MITRE ATT&CK

About the company

Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career. The Proactive Threat team identifies, detects, and responds to threats before they impact Stripe's business or users. The Detection Engineering & Threat Hunting function sits at the intersection of offense and defense - we leverage deep knowledge of attacker tradecraft to build high-fidelity detections, hunt for sophisticated threats, and validate defensive capabilities across Stripe's critical systems.Our team develops detection-as-code, automates analysis workflows, and builds tooling that scales detection and response across a complex, global environment. We partner closely with Threat Intelligence, Incident Response, and offensive security teams to ensure our detections are grounded in real-world adversary behavior.The team is distributed across the United States (Eastern and Pacific time zones) and collaborates regularly with stakeholders across Stripe - including teams in Europe and Asia. You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments. Beyond writing detections, you'll conduct threat hunts, perform malware analysis, and build automation that enables detection engineering at scale. Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls Perform malware analysis and reverse engineering to extract indicators and inform detection strategies Build network-based detections (flow, pcap, protocol analysis) and

Apply for this position