Back to jobs

Security engineer

Stripe | San Francisco, USA


The Stripe security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. The security concerns are ever-evolving, making the security team an extremely dynamic environment to work in. Our ultimate goal is to secure Stripe, secure Stripe users, and secure the Internet.

The security engineer focuses on product/tool/framework development, research, analysis, and architecture used to improve the security at Stripe.

You will:

  • Perform penetration testing on our internal and external applications.

  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production.

  • Be a security subject matter expert and respond to any internal security engineering questions/request.

  • Work with other teams to help architect solutions that are inherently secure.

  • Correctly balance security risk and product advancement.

  • Threat model existing applications.

  • Perform reactive incident response when a security event occurs.

  • Perform proactive research to detect new attack vectors.

  • Architect and create frameworks that prevent current and future attack scenarios.

  • Create and execute training exercises to advance developers security knowledge.

  • Research, architect, and execute solutions that will advance internal security monitoring / controls.
  • Our ideal candidate:

  • Has a security-specific background (or desire to learn).

  • Has a deep understanding of how the web works.

  • Has a knack for finding flaws in software and can efficiently communicate how to fix the flaws.

  • Has the ability to find creative ways of reducing risk of inherently insecure efforts.

  • Can think about problems from an out-of-the box perspective, and doesn’t always default to industry norms.

  • Can write defensive, maintainable code that solves real-world problems for our users.

  • Can think like an attacker and preemptively determine how malicious actors will attack Stripe.

  • Has strong communication skills and a natural inclination to collaborate.

  • Learn More