Role in brief
Stripe seeks a Security Engineer to secure its financial infrastructure platform. This role involves developing security solutions for AI/LLM integrations and core products, reducing security debt, and empowering engineering teams through automation and guidance. Candidates with five years of experience in security engineering, multi-cloud environments, and threat modeling should apply.
About the role
This role focuses on enhancing security across Stripe's product portfolio, which includes key offerings like Connect, Subscriptions, and Issuing. A significant part of the work involves developing secure integrations for AI and LLM technologies, both within products and for internal security operations. The engineer will also contribute to building the foundational components that enable payment processing and fund movement.
A core responsibility is to identify and mitigate security vulnerabilities, collaborating closely with product engineering teams to ensure new solutions are secure by design. This includes leading threat modeling discussions to balance security requirements with user experience and product development goals. The role emphasizes proactive security measures and reducing existing security debt.
Success in this position means scaling security efforts by empowering other engineering teams. This involves creating automation tools, providing clear security guidance, developing useful patterns, and delivering training. The engineer will also drive significant cross-team security initiatives and mentor colleagues, fostering a culture of security awareness and best practices across the organization.
The listed salary range for this position is between $80,500 and $138,000 USD.
Skills that matter here
- Computer Science: A foundational degree in this field or Security Informatics is required, indicating the need for strong theoretical understanding in security engineering.
- AWS: Five years of experience with AWS is necessary, as the role involves securing systems deployed across multiple cloud service providers.
- GCP: Candidates must have five years of experience with either GCP or Azure, demonstrating proficiency in securing diverse cloud environments.
- application security: Five years of experience in this area is required, focusing on securing Stripe's various product offerings and integrations.
- threat modeling: The role demands five years of experience in developing and leading threat models to identify and reduce security risks in product development.
- Docker: Four years of experience with containerization technologies like Docker or Kubernetes is needed for securing modern application deployments.
Who this role suits
- You have a background of at least five years in security engineering within a production environment.
- You are adept at working with multiple cloud platforms, specifically AWS and either GCP or Azure.
- You are skilled in both application and infrastructure security, with a strong focus on threat modeling.
- You thrive on empowering others through automation and guidance, rather than solely executing tasks yourself.
From the employer
What you’ll do
- Develop and work with supporting secure AI and LLM usage/integration both in products and within Security
- Develop building blocks to accept payments and move funds
- Stripes Core Products including Connect, Subscriptions, Checkout, RADAR, and Issuing
- Build/Enhance automated threat modeling tooling
- Identify and help reduce security debt across our product portfolio
- Work closely with product engineering teams to design solutions that are secure by default
- Tailor answers to security questions from non-engineers and engineers
- Lead threat modeling discussions and help teams strike the right balance between security, user experience and product advancement
- Scale security effort by empowering engineering teams with automation, security guidance, tooling, patterns and training
- Drive high impact, cross-team security initiatives
- Mentor teammates and others across the organization
Who you are
- Bachelor’s degree or foreign equivalent in Computer Science, Security Informatics, or related followed by 5 years of security engineering experience in a production environment.
- 5 years of experience with multiple CSPs, including AWS and either GCP or Azure
- 5 years of experience with application and infrastructure security
- 5 years of experience developing threat models and helping teams reason through different approaches to reduce security risk
- 4 years of experience with containerization and orchestration technologies including Docker or Kubernetes
Additional benefits
- Equity, company bonus or sales commissions/bonuses
- 401(k) plan
- Medical, dental, and vision benefits
- Wellness stipends
Questions about this role
What is the remote work policy for this role?
This position offers full remote work.
What is the seniority level for this position?
This is a middle-seniority level role, designated as IC-03.
What is the salary range for this role?
The salary for this position ranges from $80,500 to $138,000 USD.