Security Engineer - Offensive Security

About the role

Stripe’s Proactive Threat team is looking for an Offensive Security Engineer to simulate real‑world adversary tactics, techniques, and procedures. You will conduct hands‑on penetration testing, lead red‑team engagements, and work closely with defensive teams to improve detection and response across Stripe’s financial infrastructure.

Key responsibilities

• Perform comprehensive penetration tests on web applications, APIs, cloud environments (AWS, GCP, Azure), mobile apps, and internal infrastructure.
• Plan and execute red‑team engagements that emulate the TTPs of cyber‑criminal threat actors targeting financial services.
• Conduct assumed‑breach and objective‑based assessments to validate detection and response capabilities.
• Collaborate with detection engineering, threat intelligence, and incident response teams to verify security controls.
• Design and build offensive tooling and automation frameworks to scale assessments.
• Leverage threat intelligence to prioritize testing and contribute to incident investigations.

Required profile

• Hands‑on experience conducting penetration testing and red‑team operations.
• Strong understanding of cloud platforms (AWS, GCP, Azure) and their security models.
• Ability to develop custom offensive tools and automation.
• Experience working with detection engineering, threat intelligence, and incident response teams.

Required skills

• Penetration testing
• Red‑team engagements
• AWS, GCP, Azure
• Web application and API security
• Mobile application security
• Threat intelligence
• Detection engineering
• Incident response
• Offensive tooling development
• Automation frameworks

What we offer

• Opportunity to influence the security of a global financial infrastructure used by millions of businesses.
• Collaborative environment with distributed teams across the United States and worldwide.
• Access to cutting‑edge security tools and resources.