Security Engineer, Scaled Assessment
Stripe (View all Jobs)
Remote, North America
1. Programming/debugging phone screen 2. On-site with your own laptop/setup and full access to internet. Interviews include systems design, 45 min practical coding question, integrating an API exercise, debugging, and talking with hiring manager about team alignment.
Programming Languages Mentioned
Who we are
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
Application security engineers use security and development knowledge to help teams to move quickly without compromising on security.
Stripe powers businesses all over the world. We process payments, run marketplaces, detect fraud, help entrepreneurs start a business from anywhere in the world, build world-class developer-friendly APIs, and more. Nearly every system we operate interacts with sensitive financial or personal data — making security a top priority for Stripe.
What you’ll do
Our Scaled Assessment team works to measure our security posture, guide risk management and provide implementation-time guard-rails. This involves programmatic detection of common security issues, providing insight to help reason about known risks, performing deep-dive code reviews on key components, and developing security guard-rails to help prevent engineers from unintentionally impacting security.
- Work with our code
- Be a security subject matter expert and answer security questions
- Deploy vulnerability management tools across CI/CD, compute, and container infrastructure to detect vulnerabilities and security misconfigurations.
- Scale proactive security controls for new products and new environments (e.g. acquisitions).
- Develop techniques to ensure teams find flaws before they are introduced into production
- Design and implement automated and integrated security testing at scale.
- Profile just-in-time code review of security-sensitive code
- Evaluate the security posture of existing applications with pentests, code review, and scoping special engagement
- Promote critical issues and bug bounty reports into incidents, help fix, and specify long-term remediation work
- Lead security initiatives
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
- A deep understanding of the web's security model
- An ability to correctly prioritize the best opportunities to reduce risk
- The ability to think like an attacker but maintain empathy for developers. And can express strong opinions while staying humble
- Software engineering experience in a production environment across multiple programming languages
- Ability to ignore industry norms when solving a problem
- Has designed or implemented mitigations for common bug classes
Please mention No Whiteboard if you apply!
I'm a one-man team looking to improve tech interviews, and could use any support! 😄