Staff Incident Response Engineer

Summary

Join Stripe's Security Incident Response team as a Security Engineer and leverage your expertise to enhance incident response capabilities. You will analyze security events data, build detection models, and investigate threats impacting Stripe's systems and users. Your responsibilities include developing solutions for threat detection, contributing to strategic objectives, and streamlining incident response processes. You will collaborate with various teams, act as a subject matter expert, and mentor team members. This role requires extensive experience in data analysis, security engineering, and incident response. A strong background in Python and SQL is essential.

Requirements

• 7+ years experience analyzing large data sets to solve problems and/or building models with a behavioral approach to security
• B.S. or M.S. in Cybersecurity, Computer Science, or related field
• Expert knowledge of Python and SQL, and familiarity with other programming languages
• Existing experience with log analysis (e.g. first or third party applications, system / data access, event logs), network security, digital forensics, and incident response investigations
• Proficiency with developing and using novel analytical methods to build, automate, and improve detection and response systems
• Ability to communicate results clearly, focus on impact, and think holistically about reducing risk in a complex environment

Responsibilities

• Work with security engineering and data science teams to build solutions for analyzing security events data at scale and protecting Stripe networks, systems, and data from threats
• Contribute to strategic objectives, while aligning technical vision across dependent teams
• Develop requirements for detection models and enhancements to existing systems, setting a high standard for technical decision-making influenced by industry best practices
• Collect, transform, and ingest raw data from disparate sources into threat detection pipelines, ensuring the solutions developed reflect consistent engineering quality
• Analyze and investigate a broad range of threats or activities occurring on client devices
• Provide actionable insights to help identify, prevent, detect, and respond to anomalous or potentially malicious user and entity activity, fostering creative problem-solving
• Streamline incident response capabilities, ensuring the tooling and processes are clear, while mentoring team members to improve overall incident response practices
• Act as the subject-matter expert and primary contact for stakeholders invested in Security Analytics & Detection programs, promoting strategic alignment with broader company initiatives
• Collaborate effectively with teammates, leading projects and championing rigorous engineering standards within the team

Preferred Qualifications

• An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors
• Experience with engineering, data processing and analysis tools (e.g. Databricks, Trino, etc.)
• Familiarity with common open-source frameworks for big data processing and/or data science (PySpark, Pandas, Sci-kit Learn, etc.)
• Experience with tactical threat intelligence and/or hunting for sophisticated threat actors in an enterprise environment
• Familiarity with network observability, security software, or data engineering solutions (osquery, Splunk, etc.)
• Experience in one or more of the following areas: user and entity behavior analytics (UEBA), security information event management (SIEM), security orchestration automation and response (SOAR), or data loss prevention (DLP)