Remote Offensive Security Engineer Job in United States Stripe

Who you are

• 5+ years experience in offensive security or related field
• B.S. or M.S. Computer Science or related field, or equivalent experience
• Proven knowledge of web application security, including vulnerabilities such as OWASP Top10
• Experience with cloud computing platforms such as AWS, Azure, or Google Cloud Platform
• Knowledge of Python and SQL, and familiarity with other programming languages
• Ability to analyze and interpret application logs to identify and investigate potential security incidents
• Excellent written and verbal communication skills, including the ability to produce clear and concise reports
• Ability to think creatively and holistically about identifying risk in a complex environment.

Desirables

• Experience in conducting offensive security activities in the fintech or financial sectors
• An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors.
• Experience partnering with threat intelligence and incident response teams to perform log analysis, digital forensics, and incident response investigations
• Experience with engineering, data processing and analysis tools (e.g. Databricks, Trino, etc.)
• Familiarity with common open-source frameworks for big data processing and/or data science (PySpark, Pandas, Sci-kit Learn, etc.)
• Experience with tactical threat intelligence and/or hunting for sophisticated threat actors in an enterprise environment
• Familiarity with network observability, security software, or data engineering solutions (osquery, Splunk, etc.)

What the job involves

• Using your security expertise, you'll uncover security weaknesses within Stripe by simulating the tactics, techniques, and procedures (TTPs) of real-world adversaries.
• Utilize both threat intelligence and collected telemetry to emulate cyber and criminal threat actors who may target Stripe.
• Use analytic capabilities during security incidents to reduce uncertainty, uncover root causes, and inform future prevention and detection mechanisms.