Application Security Engineer


security cloud developer heroku api security qa testing security

Posted 5 months ago

Share this with a friend 👉

Stripe’s application security team is responsible for both finding bugs in our public facing applications, and designing and building mitigations for broad classes of bugs. We use and work on state of the art tools, maintain the infrastructure that supports our efforts, and empower Product Engineering (who focus on anything from core payments APIs, to powerful dashboards, to mobile apps and consumer-facing products) to move quickly without compromising on safety. Because of the nature of Stripe’s product, nearly every system we operate needs to interact with sensitive financial and personal data, making the security team an extremely dynamic environment to join.

You will:

  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production

  • Be a security subject matter expert and respond to internal security engineering questions/request

  • Work with other teams to help architect solutions that are inherently secure

  • Correctly balance security risk and product advancement

  • Perform penetration testing on our internal and external applications

  • Threat model existing applications

  • Support incident response when a security event occurs

  • Perform proactive research to detect new attack vectors

We’re looking for someone who has:

  • Implemented mitigations for common classes of bugs in a popular web framework before

  • Software engineering experience in production environment

  • A deep understanding of the web’s architecture

  • A knack for finding flaws in software and can effectively communicate how to fix them

  • Strong communication skills and is accustomed to working closely with a product team

  • The ability to think like an attacker and use that context to develop threat models

Apply Back