Offensive Security Engineer

Posted 18 Days Ago
Be an Early Applicant
Remote
Senior level
Fintech • Payments
The Role
As an Offensive Security Engineer at Stripe, you will conduct comprehensive security assessments and penetration testing. Your responsibilities include developing automated tools for assessments, providing technical expertise in web application security, leading projects, mentoring juniors, and producing detailed reports on findings. You will collaborate with teams to identify and mitigate vulnerabilities and stay updated on the latest threats and security trends.
Summary Generated by Built In

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Attacker Engineering team performs offensive security assessments and penetration testing to identify vulnerabilities and weaknesses in Stripe's systems, applications, and networks before they impact Stripe’s business or users.  We partner with other Stripe teams to defend against external attacks and respond to security incidents. The team is distributed, working primarily in Eastern and Pacific time zones, and will regularly coordinate with stakeholders in Europe and Asia.

What you’ll do

Using your security expertise, you'll uncover security weaknesses within Stripe by simulating the tactics, techniques, and procedures (TTPs) of real-world adversaries. This will involve utilizing both threat intelligence and collected telemetry to emulate cyber and criminal threat actors who may target Stripe.  Lastly, your analytic capabilities will be critical during security incidents to reduce uncertainty, uncover root causes, and inform future prevention and detection mechanisms. 

Responsibilities

  • Conduct complex offensive security assessments across a variety of environments, including on-premise, cloud, and mobile applications. 
  • Develop scripts and tools to automate offensive security assessments
  • Provide technical expertise in areas such as network protocols, operating systems, and web application security. 
  • Work closely with other members of the Stripe security team to identify and mitigate security risks and vulnerabilities. 
  • Lead offensive security projects and mentor junior team members. 
  • Produce clear and concise reports testing plans, engagement models, findings, risks, and recommendations for remediation 
  • Keep up-to-date with the latest security threats, vulnerabilities, and attack methods. 
  • Act as the subject-matter expert and primary contact for stakeholder teams invested in offensive security programs and Stripe-wide security initiatives
  • Collaborate effectively with teammates, leading projects, mentoring others, and developing and championing quality standards within the team

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

  • 5+ years experience in offensive security or related field
  • B.S. or M.S. Computer Science or related field, or equivalent experience
  • Proven knowledge of web application security, including vulnerabilities such as OWASP Top10
  • Experience with cloud computing platforms such as AWS, Azure, or Google Cloud Platform
  • Knowledge of Python and SQL, and familiarity with other programming languages
  • Ability to analyze and interpret application logs to identify and investigate potential security incidents
  • Excellent written and verbal communication skills, including the ability to produce clear and concise reports
  • Ability to think creatively and holistically about identifying risk in a complex environment

Preferred qualifications

    • Experience in conducting offensive security activities in the fintech or financial sectors
    • An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors.
    • Experience partnering with threat intelligence and incident response teams to perform log analysis, digital forensics, and incident response investigations
    • Experience with engineering, data processing and analysis tools (e.g. Databricks, Trino, etc.)
    • Familiarity with common open-source frameworks for big data processing and/or data science (PySpark, Pandas, Sci-kit Learn, etc.)
    • Experience with tactical threat intelligence and/or hunting for sophisticated threat actors in an enterprise environment
    • Familiarity with network observability, security software, or data engineering solutions (osquery, Splunk, etc.)

Top Skills

Python
SQL
The Company
Seattle, WA
5,600 Employees
Hybrid Workplace
Year Founded: 2010

What We Do

Stripe is a technology company that builds economic infrastructure for the internet. Businesses of every size—from new startups to public companies—use our software to accept payments and manage their businesses online. Our mission is to increase the GDP of the internet.

Learn more at www.stripe.com/jobs.

Gallery

Gallery

Similar Jobs

RunPod Logo RunPod

Security Engineer

Artificial Intelligence • Cloud • Software • Infrastructure as a Service (IaaS)
Easy Apply
Remote
USA
53 Employees

Headway Logo Headway

Senior Product Security Engineer

Consumer Web • Healthtech • Professional Services • Social Impact • Software
Easy Apply
Remote
USA
624 Employees

CrowdStrike Logo CrowdStrike

Sr. Engineer, Application Security / Sensor - Product Security (Remote)

Cloud • Information Technology • Sales • Security • Cybersecurity
Remote
6 Locations
10000 Employees
135K-225K Annually

CrowdStrike Logo CrowdStrike

Sr. Engineer, Application Security - Product Security (Remote)

Cloud • Information Technology • Sales • Security • Cybersecurity
Remote
USA
10000 Employees
135K-215K Annually

Similar Companies Hiring

Cash App Thumbnail
Software • Payments • Mobile • Fintech • Financial Services • Blockchain
Seattle, WA
3500 Employees
Opendoor Thumbnail
Software • Real Estate • PropTech • Fintech • eCommerce
Seattle, WA
1900 Employees
Morningstar Thumbnail
Software • Fintech • Financial Services • Enterprise Web
US
12700 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account