Stripe is hiring a

Software Engineer, Identity

San Francisco, United States

The Stripe security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. The security concerns are ever-evolving, making the security team an extremely dynamic environment to work in. Our ultimate goal is to secure Stripe, secure Stripe users, and secure the Internet.

The security engineer focuses on product/tool/framework development, research, analysis, and architecture used to improve the security at Stripe. 
You will:
  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production
  • Be a security subject matter expert and respond to any internal security engineering questions/request
  • Work with other teams to help architect solutions that are inherently secure
  • Correctly balance security risk and product advancement
  • Perform penetration testing on our internal and external applications
  • Threat model existing applications
  • Perform reactive incident response when a security event occurs
  • Perform proactive research to detect new attack vectors
  • Architect and create frameworks that prevent current and future attack scenarios
  • Create and execute training exercises to advance developers’ security knowledge
  • Research, architect, and execute solutions that will advance internal security monitoring & controls
Our ideal candidate:
  • Can write defensive, maintainable code that solves real-world problems for our users
  • Has a minimum of 2 years experience in security field
  • Has software engineering experience in production environmentHas Bachelor’s degree in Computer Science or related field
  • Has a security-specific background (or desire to learn)
  • Has a deep understanding of how the web works
  • Has a knack for finding flaws in software and can efficiently communicate how to fix them
  • Has the ability to find creative ways of reducing risk of inherently insecure efforts
  • Can think about problems from an out-of-the box perspective, doesn’t always default to industry norms
  • Can think like an attacker and preemptively determine how malicious actors will attack Stripe
  • Has strong communication skills and a natural inclination to collaborate