Stripe18.04.2026
Security Engineer - Offensive Security
Ireland
Обязанности
- 01Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure
- 02Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios
- 03Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams
- 04Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity
- 05Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks
- 06Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required
- 07Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage
- 08Build internal platforms and workflows that enable scalable, repeatable offensive operations
- 09Contribute to internal security tooling repositories and champion engineering best practices within the team
- 10Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices
- 11Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders
- 12Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives
- 13Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing
- 14Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community
Требования
- 015+ years of experience in offensive security, penetration testing, red teaming, or a related field
- 02Strong programming skills in Python, Go, or similar languages, with demonstrated experience building tools, automation, or custom exploits
- 03Deep knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability classes (injection, auth flaws, business logic, etc.)
- 04Hands-on experience with cloud platforms (AWS, Azure, or GCP), including cloud-native attack techniques and misconfigurations
- 05Proficiency with offensive tooling such as Burp Suite, Cobalt Strike, Mythic, Sliver, BloodHound, or similar frameworks
- 06Familiarity with adversary tradecraft and frameworks such as MITRE ATT&CK, including TTPs for initial access, privilege escalation, lateral movement, and exfiltration
- 07Excellent written and verbal communication skills, with the ability to translate complex technical findings into clear, risk-based recommendations
- 08Ability to think like an adversary — creative, persistent, and able to holistically assess risk in complex environments
Условия
- 01Distributed across the United States, primarily operating in Eastern and Pacific time zones
- 02Collaborates regularly with security, engineering, and product stakeholders across Stripe — including teams in Europe and Asia