Stripe, 18.04.2026
Security Engineer - Threat Detection
Ireland
Responsibilities
- Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle
- Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry
- Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls
- Perform malware analysis and reverse engineering to extract indicators and inform detection strategies
- Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS
- Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic
- Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises
- Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment
- Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces
- Lead projects, mentor teammates, and champion quality standards within the team
Requirements
- 5+ years of experience in detection engineering, threat hunting, or security operations
- Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)
- Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration
- Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities
- Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)
- Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources
- Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)
- Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences
- Adversarial mindset — understanding how attackers operate to build detections that catch real-world threats
Conditions
- Team is distributed across the United States (Eastern and Pacific time zones) and collaborates regularly with stakeholders across Stripe — including teams in Europe and Asia