Software Engineer, Cloud Security

Summary

Join Stripe's Cloud Security team and play a crucial role in defining security primitives and guardrails for our global platform. You will design, build, and operate core security infrastructure used by all engineering teams, collaborating closely with stakeholders and users. Maintain high engineering standards, contribute to team learning, and build durable solutions that advance Stripe's security. You will optimize for user-friendly security controls, make impactful system decisions, leverage data for security baselines, and evaluate new security tools and practices. This role requires deep experience with cloud security (AWS, Azure, or GCP) and a proven track record in a high-stakes production environment. Preferred qualifications include experience with cloud control plane proxy systems and CI tooling for platform configuration.

Requirements

• High standards for code quality and a constructive attitude to help others raise the bar
• Software engineering experience in a high-stakes production environment
• A knack for considering how systems can fail and how to fix them
• An ability to think creatively and holistically about reducing risk in a complex environment
• Deep experience with security on one, or more of, AWS, Azure, or GCP

Responsibilities

• Design, build, and operate the core security infrastructure used by all of Stripe’s engineering teams in close collaboration with other stakeholders and our users
• Uphold our high engineering standards and bring consistency to the many codebases and processes you will encounter
• Contribute to team learning by improving engineering standards, tooling, and processes
• Design and build durable solutions that will advance Stripe’s security beyond the state of the art
• Optimize for security controls that have delightful user experiences
• Make impactful decisions about systems and security — their edge cases, failure modes, and life cycles
• Use data to determine appropriate baselines against which to measure security
• Define infrastructure that reliably feeds signals to threat teams
• Evaluate and prototype new security tools and practices

Preferred Qualifications

• Designing and implementing controls that support security invariants and enforce our security principles while providing a surprisingly great user experience
• Cloud control plane proxy systems which guarantee that the access to raw cloud interfaces comprise the Stripe Secure Platform are performed through safe and secure interfaces
• Providing a migration path for newly acquired companies onto the Stripe Secure Platform
• CI tooling for platform-related configuration: IAM roles, SCPs, and associated components
• Ensuring all cloud infrastructure is defined in code and strict change management is in place
• Guardrails and security controls for commonly used and newer cloud technologies