Security Ecosystem Engineer / Tech Writer
San Francisco, CA or Remote, North America Only
The Stripe security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. The security concerns are ever-evolving, creating an extremely dynamic environment for the security team.
The Security Ecosystem team is responsible for providing security support across the organization both internally and externally. The Security Ecosystem Engineer/ Tech Writer position will be part of Stripe’s CISO staff and will have the ability to influence the continuous buildout of the security program.
- Assess third-party vendors as part of Stripe’s Security Risk Assessment Program (e.g. Inherent and Residual Risk Scoring).
- Function as a consultant on security matters as a recognized expert and lead cross-functional teams in making sound risk-based decisions.
- Prepare, maintain and improve documentation to support compliance and regulatory efforts (e.g. Policies, Standards, Regulatory Reports).
- Independently author cyber and information security policies, standards and procedures following established document formats/templates.
- Respond to Security Questionnaires and RFPs on behalf of Stripe and prepare/maintain supporting documentation (e.g. SIG, CAIQ).
- Build end-to-end data pipelines using integration design patterns and various connection protocols REST and SOAP, JMS,file, SFTP, DB, Email, custom code.
- Implement services using security mechanisms such as OAuth, SAML, Single Sign On.
- Report on program performance via dashboards, OKRs and perform basic data analysis (e.g. SQL, Redshift, Tableau).
What You'll Need
- Working technical knowledge of security, as well as industry trends.
- Experience implementing and operating programs for Information/Cybersecurity or Security Risk Management.
- Strong communications skills, both written and verbal, including the ability to collaborate with information security and business leaders to research, author, socialize and publish cyber and information security policies, standards
- Subject matter expert in cyber and information security practices, policies, standards and procedures (e.g. NIST CSF or equivalent)
- Experience in handling data structures like JSON, XML, CSV, Parquet, Rosettanet, EDI
- Experience in building integration solutions with various cloud applications like SFDC, Oracle, Workday, AWS, JIRA
- Working knowledge of at least one programming language such as Python, Java or similar
- Experience working with engineers for the automation of security controls.
- Experience managing and conducting audit readiness assessments within AWS (or similar) cloud security and infrastructure.
- Strong background in cyber security operations, risks and controls identification and assessment.
- Strong background in cyber governance, including relevant experience in authoring information security policies, standards and procedures.