AppSec Engineer

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the Team

As a platform company powering businesses all over the world, Stripe processes payments, runs marketplaces, detects fraud, helps entrepreneurs start an internet business from anywhere in the world. Stripe's AppSec Engineers build scanning platforms and tooling, alert and remediation pipelines, ensure reliable data, and transform data from various inputs and applications used to ultimately represent security posture across all of Stripe.

At Stripe, we are building security scanning and posture infrastructure using data science tooling and big data systems that will help us with scale while making onboarding and analysis of new data easy and transparent. Rather than traditional commercial tooling, you’ll help to drive codified processes, data analytics and automation. This is a unique challenge for a cyber professional interested in non‑traditional security monitoring and response designed to function within a development operations framework. You’ll maintain strong partnerships with the security assessment and security discovery teams on capabilities and other security teams to understand the interfaces to those systems useful for monitoring and response throughout Stripe.

Responsibilities

• Understand data tooling available at Stripe and determine how to best leverage, modify, or fork them for use by security
• Create libraries, tooling and platform needed to operationalize continuous security testing tools at scale
• Enable holistic data integration to support advanced data analytics
• Maintain libraries that enable interaction with various internal and external data sources and systems used for correlation of security posture logic
• Create a reliability layer for metrics related to the data pipeline both for easy debugging and constant improvement of bottlenecks
• Create APIs to help security teams access underlying data

Minimum Requirements

• A strong engineering background with interest in data
• Experience writing production Python and Go code
• Experience developing and maintaining distributed systems built with open source tools
• Experience building libraries and tooling that provide beautiful abstractions to users
• Experience integrating with CI/CD developer flows
• Experience with tools such as Kafka, Airflow and various Notebook technology
• 4+ years of relevant experience in Security
• Experience as a consumer of data science tooling and infrastructure
• Experience with security technologies including endpoint detection, network technologies, AWS cloud services
• Strong understanding of the technical capabilities needed for an effective appsec and vulnerability management capability
• Ability to build strong relationships and drive cross‑functional projects with engineering partners

Preferred Qualifications

• Ability to drive concurrent projects and initiatives while managing operational responsibilities
• An exemplary, user‑focused communication style; emphasizing clarity, empathy and accuracy
• Demonstrated success working remotely
• Ability to deliver capabilities to teams in an iterative manner while building towards a larger vision
• Demonstrated success overseeing internal tool development and automation at scale
• Experience with collection of compliance artifacts, security incidents and risk awareness