Key skills
Security expertiseThreat modelingCloud securitySoftware engineeringContainerizationCryptocurrency knowledgeLearning mindsetCommunication skillsCollaborationCreative thinkingAWSAzureGCPKubernetesDockerCommunication
About this role
Stripe is a financial infrastructure platform for businesses, dedicated to improving security for its users. The Staff Security Engineer in Security Partnerships will work closely with engineering teams to design secure solutions, lead threat modeling discussions, and drive high-impact security initiatives.
Responsibilities:
- Work closely with engineering teams to design solutions that are secure by default
- Be a security subject matter expert and able to tailor answers to security questions from non-engineers and engineers, alike
- Lead threat modeling discussions and help teams strike the right balance between security, user experience and product advancement
- Scale security effort by empowering engineering teams with automation, security guidance, tooling, patterns and training
- Drive high impact, cross-team security initiatives
- Develop a deep understanding of Stripe’s security primitives, frameworks, and invariants
- Mentor teammates and others across the organization
Requirements:
- 8+ years of experience in security
- Empathy, strong communication skills and a deep respect for the power of collaboration
- A learning mindset, regardless of level or experience
- The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership
- An ability to think creatively and holistically about reducing risk in a complex environment
- Breadth of applied knowledge across application and infrastructure security
- Demonstrated experience securing applications in a cloud environment
- The ability to think like an attacker, develop threat models and help teams reason through different approaches to reducing security risk
- A desire to sub-linearly scale security through simple design, abstraction and education
- Software engineering experience in a production environment
- Mobile security experience (native apps and mobile SDKs)
- Experience with multiple Cloud Service Providers (AWS, Azure, GCP)
- Experience with containerization and orchestration technologies such as Docker or Kubernetes
- Cryptocurrency and related technologies
- M&A due diligence and integration experience