Help secure Stripe, our users, and the internet.
Stripe's application security team is responsible for both finding bugs in our public facing applications, and designing and building mitigations for broad classes of bugs. We use and work on state of the art tools, maintain the infrastructure that supports our efforts, and empower Product Engineering (who focus on anything from core payments APIs, to powerful dashboards, to mobile apps and consumer-facing products) to move quickly without compromising on safety. Because of the nature of Stripe's product, nearly every system we operate needs to interact with sensitive financial and personal data, making the security team an extremely dynamic environment to join.
##You will:
- Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production
- Be a security subject matter expert and respond to any internal security engineering questions/request
- Work with other teams to help architect solutions that are inherently secure
- Correctly balance security risk and product advancement
- Perform penetration testing on our internal and external applications
- Threat model existing applications
- Perform reactive incident response when a security event occurs
- Perform proactive research to detect new attack vectors
##Our ideal candidate:
- Has designed and implemented mitigations for common classes of bugs in a popular web framework before
- Has software engineering experience in production environment
- Has Bachelor’s degree in Computer Science or related field
- Has a deep understanding of the web's architecture
- Has a knack for finding flaws in software and can effectively communicate how to fix them
- Is a strong communicator and is accustomed to working closely with a product team
- Can think about problems from an out-of-the box perspective, doesn’t always default to industry norms
- Can think like an attacker and use that context to develop threat models