Description
As an Offensive Security Engineer on the Proactive Threat team at Stripe, you will simulate the tactics, techniques, and procedures (TTPs) of real-world adversaries to uncover security risks across Stripe's products and infrastructure.
You'll conduct hands-on penetration testing, lead red team engagements, and collaborate with blue team counterparts to validate and improve detection and response capabilities. Your work will directly influence how Stripe builds, ships, and secures financial infrastructure used by millions of businesses worldwide.
Responsibilities:
Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure.
Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios.
Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams.
Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity.
Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks.
Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required.
Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage.
Build internal platforms and workflows that enable scalable, repeatable offensive operations.
Contribute to internal security tooling repositories and champion engineering best practices within the team.
Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices.
Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders.
Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives.
Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing.
Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community.