3 months ago

Application Security Engineer at Stripe

74% 40 hours / week North America (Remote)
Paid dental insurance
Food or lunch benefits
Paid health insurance
Paid parental leave
Employee training program

Stripe’s application security team is responsible for both finding bugs and designing mitigations for broad classes of bugs. We use and work on state of the art tools, maintain the infrastructure that supports our efforts, and empower Product Engineering (who focus on anything from core payments APIs, to powerful dashboards, to mobile apps and consumer-facing products) to move to move quickly without compromising on safety. Because of the nature of Stripe’s product, nearly every system we operate needs to interact with sensitive financial and personal data, making the security team an extremely dynamic environment to join. ## You will: - Work with our code - Inform what we do and how we do it - Develop techniques to ensure engineering teams find flaws before they are introduced into production - Be a security subject matter expert and respond to any security engineering question - Work with engineering teams to design solutions that are inherently secure - Be a champion for simple security models - Correctly balance security risk and product advancement - Lead software security initiatives - Lead threat modeling discussions - Evaluate the security posture of existing applications - Perform proactive research to detect new attack vectors and pentest internal and external apps

We’re looking for someone who has:

  • Software engineering experience in a production environment
  • A deep understanding of the web’s architecture
  • A knack for finding flaws in software and can efficiently communicate how to fix them
  • Strong communication skills and is accustomed to working closely with a product team
  • Doesn’t always default to industry norms when solving a problem
  • An ability to think like an attacker to develop threat models
  • Has designed and implemented mitigations for common classes of bugs