Remote Staff Incident Response Engineer
at Stripe

Summary

Join Stripe's Security Incident Response team to leverage your security engineering experience and improve incident response capabilities. With a focus on user and entity behavior analytics, you will gain a deep understanding of Stripe's systems, tooling, and workflows to differentiate between legitimate and malicious activity.

Requirements

• 7+ years experience analyzing large data sets to solve problems and/or building models with a behavioral approach to security
• B.S. or M.S. in Cybersecurity, Computer Science, or related field
• Expert knowledge of Python and SQL, and familiarity with other programming languages
• Existing experience with log analysis (e.g. first or third party applications, system / data access, event logs), network security, digital forensics, and incident response investigations
• Proficiency with developing and using novel analytical methods to build, automate, and improve detection and response systems
• Ability to communicate results clearly, focus on impact, and think holistically about reducing risk in a complex environment

Responsibilities

• Work with security engineering and data science teams to build solutions for analyzing security events data at scale and protecting Stripe networks, systems, and data from threats
• Contribute to strategic objectives, while aligning technical vision across dependent teams
• Develop requirements for detection models and enhancements to existing systems, setting a high standard for technical decision-making influenced by industry best practices
• Collect, transform, and ingest raw data from disparate sources into threat detection pipelines, ensuring the solutions developed reflect consistent engineering quality
• Analyze and investigate a broad range of threats or activities occurring on client devices
• Provide actionable insights to help identify, prevent, detect, and respond to anomalous or potentially malicious user and entity activity, fostering creative problem-solving
• Streamline incident response capabilities, ensuring the tooling and processes are clear, while mentoring team members to improve overall incident response practices
• Act as the subject-matter expert and primary contact for stakeholders invested in Security Analytics & Detection programs, promoting strategic alignment with broader company initiatives
• Collaborate effectively with teammates, leading projects and championing rigorous engineering standards within the team

Preferred Qualifications

• An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors
• Experience with engineering, data processing and analysis tools (e.g. Databricks, Trino, etc.)
• Familiarity with common open-source frameworks for big data processing and/or data science (PySpark, Pandas, Sci-kit Learn, etc.)
• Experience with tactical threat intelligence and/or hunting for sophisticated threat actors in an enterprise environment
• Familiarity with network observability, security software, or data engineering solutions (osquery, Splunk, etc.)
• Experience in one or more of the following areas: user and entity behavior analytics (UEBA), security information event management (SIEM), security orchestration automation and response (SOAR), or data loss prevention (DLP)