Offensive Security Engineer
Remote, USA
About the team
The Attacker Engineering team performs offensive security assessments and penetration testing to identify vulnerabilities and weaknesses in Stripe's systems, applications, and networks before they impact Stripe’s business or users. We partner with other Stripe teams to defend against external attacks and respond to security incidents. The team is distributed, working primarily in Eastern and Pacific time zones, and will regularly coordinate with stakeholders in Europe and Asia.
What you’ll do
Using your security expertise, you'll uncover security weaknesses within Stripe by simulating the tactics, techniques, and procedures (TTPs) of real-world adversaries. This will involve utilizing both threat intelligence and collected telemetry to emulate cyber and criminal threat actors who may target Stripe. Lastly, your analytic capabilities will be critical during security incidents to reduce uncertainty, uncover root causes, and inform future prevention and detection mechanisms.
Responsibilities
- Conduct complex offensive security assessments across a variety of environments, including on-premise, cloud, and mobile applications.
- Develop scripts and tools to automate offensive security assessments
- Provide technical expertise in areas such as network protocols, operating systems, and web application security.
- Work closely with other members of the Stripe security team to identify and mitigate security risks and vulnerabilities.
- Lead offensive security projects and mentor junior team members.
- Produce clear and concise reports testing plans, engagement models, findings, risks, and recommendations for remediation
- Keep up-to-date with the latest security threats, vulnerabilities, and attack methods.
- Act as the subject-matter expert and primary contact for stakeholder teams invested in offensive security programs and Stripe-wide security initiatives
- Collaborate effectively with teammates, leading projects, mentoring others, and developing and championing quality standards within the team
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- 5+ years experience in offensive security or related field
- B.S. or M.S. Computer Science or related field, or equivalent experience
- Proven knowledge of web application security, including vulnerabilities such as OWASP Top10
- Experience with cloud computing platforms such as AWS, Azure, or Google Cloud Platform
- Knowledge of Python and SQL, and familiarity with other programming languages
- Ability to analyze and interpret application logs to identify and investigate …
This job isn't fresh anymore!
Search Fresh JobsJob Profile
Collaborative team environment Company bonus Company bonus or sales commissions Company bonus or sales commissions/bonuses Equity Medical, dental, and vision benefits Professional development opportunities Remote work Vision Benefits Wellness stipends
Tasks- Analyze security incidents
- Develop automation tools
- Lead projects
- Mentor junior team members
- Produce reports
- Provide technical expertise
AWS Azure Big data processing Business Cloud Computing Communication Data engineering Data processing Data Science Digital Forensics Fintech Google Cloud Platform Incident Response Log Analysis Network observability Network protocols Offensive Security Operating Systems Pandas Penetration Testing Programming PySpark Python Sales Scikit-learn Security Security software Splunk SQL Testing Threat Intelligence Trino Web application security
Experience5 years
EducationB.S. Computer Science Engineering Equivalent experience MS Related Field
TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9