• 5+ years of experience in security
• Empathy, strong communication skills and a deep respect for the power of collaboration
• A learning mindset, regardless of level or experience
• The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership
• An ability to think creatively and holistically about reducing risk in a complex environment
• Breadth of applied knowledge across application and infrastructure security
• Demonstrated experience securing applications in a cloud environment
• Experience with containerization and orchestration technologies such as Docker and Kubernetes
• The ability to think like an attacker, develop threat models and help teams reason through different approaches to reducing security risk
• A desire to sub-linearly scale security through simple design, abstraction and education

Desirable

• The Stripe Security team is dedicated to improving the security of Stripe and its users
• Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do
• Security concerns are ever-evolving, creating an extremely dynamic environment for the Security team
• Our Security Partnership team enables Stripe to build secure-by-design products
• We leverage strong relationships with both product teams and the rest of the security engineering organization to be successful
• Our scope is primarily focused on reviewing early-stage designs, helping develop threat models, scaling impact via automation, curating security patterns, authoring security guidance, training, and championing security initiatives
• We operate with an engineering mindset and are currently building out more self-service offerings for our customers
• While we, sometimes, may execute on tactical projects, one of our core principles is to be strategic in our approach to solving problems
• Support secure AI and LLM usage/integration both in products as well within Security
• Better building blocks to accept payments, move funds, etc
• Stripes Core Products ranging from Connect, Subscriptions, Checkout, RADAR, Issuing, and more
• Link, Stripe’s first consumer focused product providing a B2C option at global scale
• Building/Enhancing our automated threat modeling tooling
• Identify and help reduce security debt across our product portfolio
• Work closely with product engineering teams to design solutions that are secure by default
• Be a security subject matter expert and able to tailor answers to security questions from non-engineers and engineers, alike
• Lead threat modeling discussions and help teams strike the right balance between security, user experience and product advancement
• Scale security effort by empowering engineering teams with automation, security guidance, tooling, patterns and training
• Drive high impact, cross-team security initiatives
• Develop a deep understanding of Stripe’s security primitives, frameworks, and invariants
• Mentor teammates and others across the organization