# Security Engineer - Threat Detection

**Company**: Stripe
**Location**: Ireland
**Work arrangement**: remote
**Experience**: senior
**Job type**: full-time
**Category**: Engineering
**Industry**: Technology

**Apply**: https://job-boards.greenhouse.io/stripe/jobs/7827230
**Canonical**: https://yubhub.co/jobs/job_c2aaf7ac-804

## Job Description

You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments.

## Responsibilities

- Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle

- Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry

- Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls

- Perform malware analysis and reverse engineering to extract indicators and inform detection strategies

- Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS

- Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic

- Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises

- Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment

- Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces

- Lead projects, mentor teammates, and champion quality standards within the team

## Requirements

- 5+ years of experience in detection engineering, threat hunting, or security operations

- Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)

- Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration

- Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities

- Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)

- Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources

- Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)

- Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences

- Adversarial mindset: understanding how attackers operate in order to build detections that catch real-world threats

## Preferred Qualifications

- Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments

- Background in malware analysis, reverse engineering, or threat research

- Experience with purple team operations, collaborating with offensive security to validate detections

- Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis

- Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows

- Interest in agentic automation, using LLMs to augment hunting, tuning, or triage

- Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations)

- Contributions to open-source detection content, research, or conference presentations

- Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM

## Skills

### Required
- detection engineering
- threat hunting
- security operations
- SIEM platforms
- adversary tradecraft
- network-based detections
- endpoint-based detections
- telemetry analysis
- detection/query languages
- programming
- communication skills

### Nice to have
- fintech
- financial services
- malware analysis
- reverse engineering
- purple team operations
- big data platforms
- AI/LLM-assisted development tools
- agentic automation
- detection validation tools
- open-source detection content
- relevant certifications
