Stripe
18.04.2026

Security Engineer - Threat Detection

Ireland

Responsibilities

  • Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle
  • Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry
  • Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls
  • Perform malware analysis and reverse engineering to extract indicators and inform detection strategies
  • Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS
  • Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic
  • Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises
  • Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment
  • Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces
  • Lead projects, mentor teammates, and champion quality standards within the team

Requirements

  • 5+ years of experience in detection engineering, threat hunting, or security operations
  • Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)
  • Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration
  • Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities
  • Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)
  • Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources
  • Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)
  • Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences
  • Adversarial mindset: understanding how attackers operate in order to build detections that catch real-world threats

Conditions

  • The team is distributed across the United States (Eastern and Pacific time zones) and collaborates regularly with stakeholders across Stripe, including teams in Europe and Asia