Security Engineer – Threat Detection

About the role

Stripe’s Proactive Threat team is looking for a Security Engineer focused on threat detection. You will design, build, and maintain high‑fidelity detections that protect Stripe’s infrastructure, applications, and cloud environments from sophisticated adversaries.

Key responsibilities

• Design, implement, and tune detections on modern SIEM platforms covering the full attack lifecycle.
• Research attacker TTPs, develop detection hypotheses, and identify evidence sources.
• Conduct hypothesis‑driven threat hunts to uncover malicious activity and detection gaps.
• Perform malware analysis and reverse engineering to extract indicators for detection rules.
• Build network‑based detections (flow, PCAP, protocol analysis) and endpoint detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux and macOS.
• Partner with Threat Intelligence to operationalize intel into detections and enrichment logic.
• Collaborate with Incident Response, SOC, and offensive security teams to validate and refine detections.
• Develop data pipelines, automation, and tooling to enable detection‑as‑code at scale.

Required profile

• Strong understanding of attacker tactics, techniques, and procedures (TTPs) from initial access to exfiltration.
• Experience conducting threat hunts and malware analysis in a large, cloud‑native environment.
• Ability to translate security research into practical, low‑noise detection logic.
• Proven track record of building scalable detection and response solutions.

Required skills

• SIEM platforms (e.g., Splunk, Elastic, Snowflake)
• Threat hunting and detection engineering
• Malware analysis and reverse engineering
• Network flow analysis, PCAP, protocol analysis
• Endpoint detection & response (EDR) telemetry
• Windows, Linux, macOS operating systems
• Automation and scripting for detection‑as‑code