
Stripe · South San Francisco
WHO WE ARE ABOUT STRIPE Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the mos...
Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the
most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our
mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an
unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
advancement
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you
are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Bachelor’s degree or foreign equivalent in Computer Science, Security Informatics, or related followed by 5 years of security
engineering experience in a production environment.
Salary: $194,251 - $268,400/yr.
This salary range represents the base salary range for the role and any sales commissions / sales bonuses targets, if applicable,
would be in addition to the base salary.
40 hrs/week
Full remote work permitted.
Multiple Positions Available.
Additional benefits for this role may include: equity, company bonus or sales commissions/bonuses; 401(k) plan; medical, dental,
and vision benefits; and wellness stipends. CA18
WHO WE ARE ABOUT STRIPE Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career. WHAT YOU’LL DO RESPONSIBILITIES * Design and implement infrastructure security controls for the company’s “Secure Platform,” ensuring compliance with security principles while optimizing user experience * Develop and manage infrastructure as code (IaC) for cloud security configurations, maintaining consistency and enforcing strict change management practices * Conduct security assessments and threat modeling to identify vulnerabilities in cloud-native applications, collaborating with cross-functional teams to address risks * Evaluate and prototype new security tools and methodologies to enhance the security posture of company’s cloud environment, utilizing data driven metrics to inform decisions * Foster a culture of continuous improvement by sharing best practices, refining engineering standards, and contributing to the team’s learning and development WHO YOU ARE We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement. MINIMUM REQUIREMENTS Bachelor’s degree or foreign equivalent in Computer Science, Information Technology, or related field followed by 2 years of security solutions IT experience. Position also requires the following: * 2 years of experience building software applications in Go, Python, Java, JavaScript, or C# * 2 years of experience with AWS or Azure cloud infrastructure-as-a-service providers * 1 year of experience securing cloud applications and endpoints * 1 year of experience with security threat modeling, incident response, or investigations * 1 year of experience with Infrastructure as Code utilizing Terraform or CloudFormation Salary: $158,800 - $238,200/yr. This salary range represents the base salary range for the role and any sales commissions/sales bonuses targets, if applicable, would be in addition to the base salary. 40 hrs/week 50% remote work permitted. Multiple Positions Available. Additional benefits for this role may include: equity, company bonus or sales commissions/bonuses; 401(k) plan; medical, dental, and vision benefits; and wellness stipends. WA17 #LI-DNI
WHO WE ARE ABOUT STRIPE Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career. ABOUT THE TEAM The Proactive Threat team is responsible for identifying vulnerabilities and security weaknesses across Stripe's systems, applications, networks, and cloud infrastructure — before adversaries do. We operate as a hybrid offensive function: conducting penetration testing, emulating real-world threat actors through red team operations, and partnering closely with our defensive security teams to validate detection capabilities and improve Stripe's overall security posture. We are builders first. Our team develops custom tooling, automation frameworks, and internal platforms that scale our offensive capabilities and enable repeatable, high-fidelity assessments. We believe the best offensive security engineers are equal parts hacker and engineer. The team is distributed across the United States, primarily operating in Eastern and Pacific time zones, and collaborates regularly with security, engineering, and product stakeholders across Stripe — including teams in Europe and Asia. WHAT YOU'LL DO As an Offensive Security Engineer on the Proactive Threat team, you will simulate the tactics, techniques, and procedures (TTPs) of real-world adversaries to uncover security risks across Stripe's products and infrastructure. You'll conduct hands-on penetration testing, lead red team engagements, and collaborate with blue team counterparts to validate and improve detection and response capabilities. Your work will directly influence how Stripe builds, ships, and secures financial infrastructure used by millions of businesses worldwide. Beyond assessments, you'll design and build offensive tooling and automation that amplifies the team's impact. You'll leverage threat intelligence to prioritize testing efforts, contribute to incident investigations when needed, and act as a subject-matter expert for security initiatives across the company. RESPONSIBILITIES * Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure * Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios * Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams * Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity * Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks * Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required * Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage * Build internal platforms and workflows that enable scalable, repeatable offensive operations * Contribute to internal security tooling repositories and champion engineering best practices within the team * Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices * Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders * Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives * Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing * Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community WHO YOU ARE We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement. MINIMUM REQUIREMENTS * 5+ years of experience in offensive security, penetration testing, red teaming, or a related field * Strong programming skills in Python, Go, or similar languages, with demonstrated experience building tools, automation, or custom exploits * Deep knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability classes (injection, auth flaws, business logic, etc.) * Hands-on experience with cloud platforms (AWS, Azure, or GCP), including cloud-native attack techniques and misconfigurations * Proficiency with offensive tooling such as Burp Suite, Cobalt Strike, Mythic, Sliver, BloodHound, or similar frameworks * Familiarity with adversary tradecraft and frameworks such as MITRE ATT&CK, including TTPs for initial access, privilege escalation, lateral movement, and exfiltration * Excellent written and verbal communication skills, with the ability to translate complex technical findings into clear, risk-based recommendations * Ability to think like an adversary — creative, persistent, and able to holistically assess risk in complex environments PREFERRED QUALIFICATIONS * Experience conducting offensive security in fintech, financial services, or other highly regulated environments * Background in vulnerability research, exploit development, or CVE discovery * Experience collaborating with threat intelligence, detection engineering, or incident response teams (purple team operations) * Familiarity with big data and log analysis tools (Splunk, Databricks, PySpark, osquery, etc.) for threat hunting or investigative support * Proficiency with AI/LLM-assisted development tools (e.g., Claude Code, Cursor, GitHub Copilot) and experience applying them to offensive security workflows * Interest or experience in agentic automation — using LLMs or autonomous agents to augment reconnaissance, vulnerability discovery, or exploitation workflows * Experience testing AI/ML systems or LLM-based applications for security weaknesses (prompt injection, training data extraction, model manipulation, etc.) * Contributions to open-source security tools, published research, blog posts, or conference presentations * Relevant certifications such as OSCP, OSWE, OSEP, OSED, CRTO, CPTS, PNPT, GXPN, or cloud security certifications
WHO WE ARE ABOUT STRIPE Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career. ABOUT THE TEAM We're creating an entirely new payments platform, built with stablecoins, to simplify global money movement. Bridge enables faster, cheaper payments and borderless access to dollars via stablecoins. Through our APIs, businesses can send and receive funds across borders faster and cheaper vs. SWIFT and other fiat-only rails. Our virtual accounts enable international consumers and businesses to easily access, store, and spend US dollars. Our payouts infrastructure enables platforms to disburse USD to anyone globally. We believe many trillions of dollars will move and settle through stablecoin payment rails. Bridge is pulling this future forward. We have a small team of people who have previously built financial infrastructure at some of the world's leading companies (Coinbase, Stripe, Square, Brex, Upstart, DoorDash, Airbnb), and each and every one of them chose Bridge because they fundamentally believe that stablecoins will be a critical piece of financial infrastructure that allows for the improvement of global money movement. WHAT YOU'LL DO We're hiring a Security Engineer to build and scale the Bridge security foundation. This is a rare opportunity to design a security program from the ground up, while also leveraging the infrastructure, best practices, and tooling of one of the most mature security organizations in the industry. RESPONSIBILITIES * Design and implement the Bridge security roadmap from first principles to production. * Identify and tackle the most important Bridge security risks quickly and pragmatically. * Integrate with Stripe infrastructure where it makes sense, and find custom solutions where it doesn't. * Lead threat modeling and hardening efforts for the Bridge money movement systems in collaboration with crypto and infra teams. * Build key security capabilities, including monitoring, secrets management, incident response, access controls, and CI/CD hardening. * Reinforce engineering best practices around secure development and infrastructure. * Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets. * Collaborate cross-functionally with engineering, product, and the Stripe security organization to move fast without compromising safety. WHO YOU ARE MINIMUM REQUIREMENTS * 8+ years of experience in Security engineering. * Experience building or scaling security programs at a startup or in an embedded role. PREFERRED QUALIFICATIONS * Experience in fast-paced startup environments, building security practices from the ground up. * Startup mindset—scrappy, pragmatic, and quick to solve the most critical problems. * Comfort writing and debugging backend application code, with Ruby experience preferred. * Comfort with ambiguity and ability to ruthlessly prioritize. * Ability to balance security rigor with speed, especially in fast-moving environments. * Clear communication across technical and non-technical stakeholders. * Interest in the potential of crypto and stablecoins to power global financial infrastructure. ----------------------------------------------------------------------------------------------------------------------------------