Security Engineer, Threat Detection

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Threat Detection team works to proactively analyze, prevent, detect and respond to threats before they impact Stripe’s business or users.  We defend against external attacks and manage insider risk. The team is distributed, working primarily in Eastern and Pacific time zones, and will regularly coordinate with stakeholders in Europe and Asia.

What you’ll do

You will leverage your security engineering experience to improve detection and response capabilities at Stripe.  With an emphasis on user and entity behavior analytics, as well as endpoint hardening, you will gain a deep understanding of Stripe’s systems, tooling, and workflows to be able to differentiate between legitimate and malicious activity.  Using both threat intelligence and collected telemetry, you will guide and build Stripe-specific detection and signals enrichment logic that scale with our company.  Lastly, your analytic capabilities will be critical during security incidents to reduce uncertainty, uncover root causes, and inform future prevention and detection mechanisms. 

Responsibilities

• Analyze and investigate a broad range of threats or activities occurring on client devices
• Develop requirements for detection models and enhancements to existing systems
• Collect, transform, and ingest raw data from disparate sources into threat detection pipelines
• Streamline incident response capabilities, ensuring the tooling and processes are clear
• Work cross-functionally with security engineering and data science teams to build solutions for analyzing security events data at scale and protecting Stripe networks, systems, and data from threats
• Provide actionable insights to help identify, prevent, detect, and respond to anomalous or potentially malicious user and entity activity
• Act as the subject-matter expert and primary contact for stakeholder teams invested in Threat Detection’s programs and Stripe-wide security initiatives
• Collaborate effectively with teammates, leading projects, mentoring others, and developing and championing quality standards within the team

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

• 5+ years experience analyzing large data sets to solve problems and/or building models with a behavioural approach to security
• B.S. or M.S. Computer Science or related field, or equivalent experience
• Expert knowledge of Python and SQL, and familiarity with other programming languages
• Existing experience with log analysis (e.g. first or third party applications, system / data access, event logs), network security, digital forensics, and incident response investigations
• Proficiency with developing and using novel analytical methods to build and automate attack detection systems
• Ability to communicate results clearly and focus on impact
• Ability to think creatively and holistically about reducing risk in a complex environment

Preferred qualifications

• An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors. 
• Experience with engineering, data processing and analysis tools (e.g. Databricks, Trino, etc.)
• Familiarity with common open-source frameworks for big data processing and/or data science (PySpark, Pandas, Sci-kit Learn, etc.)
• Experience with tactical threat intelligence and/or hunting for sophisticated threat actors in an enterprise environment
• Familiarity with network observability, security software, or data engineering solutions (osquery, Splunk, etc.)
• Experience in one or more of the following areas: user and entity behavior analytics (UEBA), security information event management (SIEM), or data loss prevention (DLP)