Stripe is hiring a
Offensive Security Engineer

Summary

Join Stripe's Attacker Engineering team to perform offensive security assessments and penetration testing. You'll uncover security weaknesses within Stripe by simulating real-world adversaries' tactics, techniques, and procedures. As a key member of the team, you'll work closely with other members to identify and mitigate security risks and vulnerabilities.

Requirements

• 5+ years experience in offensive security or related field
• B.S. or M.S. Computer Science or related field, or equivalent experience
• Proven knowledge of web application security, including vulnerabilities such as OWASP Top10
• Experience with cloud computing platforms such as AWS, Azure, or Google Cloud Platform
• Knowledge of Python and SQL, and familiarity with other programming languages
• Ability to analyze and interpret application logs to identify and investigate potential security incidents
• Excellent written and verbal communication skills, including the ability to produce clear and concise reports
• Ability to think creatively and holistically about identifying risk in a complex environment

Responsibilities

• Conduct complex offensive security assessments across a variety of environments, including on-premise, cloud, and mobile applications
• Develop scripts and tools to automate offensive security assessments
• Provide technical expertise in areas such as network protocols, operating systems, and web application security
• Work closely with other members of the Stripe security team to identify and mitigate security risks and vulnerabilities
• Lead offensive security projects and mentor junior team members
• Produce clear and concise reports testing plans, engagement models, findings, risks, and recommendations for remediation
• Keep up-to-date with the latest security threats, vulnerabilities, and attack methods
• Act as the subject-matter expert and primary contact for stakeholder teams invested in offensive security programs and Stripe-wide security initiatives
• Collaborate effectively with teammates, leading projects, mentoring others, and developing and championing quality standards within the team

Preferred Qualifications

• Experience in conducting offensive security activities in the fintech or financial sectors
• An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors
• Experience partnering with threat intelligence and incident response teams to perform log analysis, digital forensics, and incident response investigations
• Experience with engineering, data processing and analysis tools (e.g. Databricks, Trino, etc.)
• Familiarity with common open-source frameworks for big data processing and/or data science (PySpark, Pandas, Sci-kit Learn, etc.)
• Experience with tactical threat intelligence and/or hunting for sophisticated threat actors in an enterprise environment
• Familiarity with network observability, security software, or data engineering solutions (osquery, Splunk, etc.)