MLW LogoMost Loved Workplace® Certified Job

Security Engineer - Threat Detection

MLW LogoAssessed by Most Loved Workplace®
92% of candidates apply because they are a Most Loved Workplace®
Ireland
8611 Security Analytics
This position may no longer be active.View all open positions at Stripe

About the Role

At Stripe, a Most Loved Workplace® certified employer in the Financial Services space, Economic infrastructure for the internet, powering ambitious businesses globally..

<h2>Who we are</h2>

<h3>About Stripe</h3>

<p>Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.</p>

<h3>About the team</h3>

<p>The Proactive Threat team identifies, detects, and responds to threats before they impact Stripe's business or users. The Detection Engineering & Threat Hunting function sits at the intersection of offense and defense — we leverage deep knowledge of attacker tradecraft to build high-fidelity detections, hunt for sophisticated threats, and validate defensive capabilities across Stripe's critical systems.</p>

<p>We are builders first. Our team develops detection-as-code, automates analysis workflows, and builds tooling that scales detection and response across a complex, global environment. We partner closely with Threat Intelligence, Incident Response, and offensive security teams to ensure our detections are grounded in real-world adversary behavior.</p>

<p>The team is distributed across the United States (Eastern and Pacific time zones) and collaborates regularly with stakeholders across Stripe — including teams in Europe and Asia.</p>

<h2>What you'll do</h2>

<p>You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments. You'll leverage your understanding of attacker TTPs — from initial access through exfiltration — to develop detection logic that catches real threats while minimizing noise. Beyond writing detections, you'll conduct threat hunts, perform malware analysis, and build automation that enables detection engineering at scale.</p>

<h3>Responsibilities</h3>

<ul>

<li>Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle</li>

<li>Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry</li>

<li>Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls</li>

<li>Perform malware analysis and reverse engineering to extract indicators and inform detection strategies</li>

<li>Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS</li>

<li>Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic</li>

<li>Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises</li>

<li>Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment</li>

<li>Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces</li>

<li>Lead projects, mentor teammates, and champion quality standards within the team</li>

</ul>

<h2>Who you are</h2>

<p>We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.</p>

<h3>Minimum requirements</h3>

<ul>

<li>5+ years of experience in detection engineering, threat hunting, or security operations</li>

<li>Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)</li>

<li>Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration</li>

<li>Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities</li>

<li>Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)</li>

<li>Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources</li>

<li>Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)</li>

<li>Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences</li>

<li>Adversarial mindset — understanding how attackers operate to build detections that catch real-world threats</li>

</ul>

<h3>Preferred qualifications</h3>

<ul>

<li>Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments</li>

<li>Background in malware analysis, reverse engineering, or threat research</li>

<li>Experience with purple team operations — collaborating with offensive security to validate detections</li>

<li>Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis</li>

<li>Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows</li>

<li>Interest in agentic automation — using LLMs to augment hunting, tuning, or triage</li>

<li>Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations)</li>

<li>Contributions to open-source detection content, research, or conference presentations</li>

<li>Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM</li>

</ul>

Want to learn more about what it's like to work at Stripe? View our full profile.

MLW Logo

Why This Is a Most Loved Workplace® Certified Job

What It's Like to Work Here

Lightbulb Problem-Solving Excellence
Globe Global Perspective
Users Customer Obsession
Zap Ownership Mentality
Target Long-term Thinking

Frequently Asked Questions About Working at Stripe

Common questions candidates ask about this role and Stripe's workplace

Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes.

Please review the specific job listing or contact Stripe's recruiting team for details on remote or hybrid work options for this role.

Salary information may vary by role and location. Please check the specific job listing or discuss compensation during the interview process.

Stripe is an established organization in its industry. The company focuses on maintaining a supportive workplace culture for all employees.

Key benefit categories include: Health & Wellness, Financial & Lifestyle, Learning & Development, Work Environment. You can view more details on their CertCheck profile.

The day-to-day environment is guided by core values such as Problem-Solving Excellence and Global Perspective and Customer Obsession.

The company has committed to inclusive practices including: Invest in Growth and Development and Foster Psychological Safety and Inclusion.

Stripe has a supportive and collaborative culture, recognized as a loved place to work by its team members.

Stripe currently has 490 open positions. They are hiring across departments like 1650 AI GTM Strategy & Solutions, 1195 Account Executives (APAC), 1175 Enterprise - Account Executives (NA). You can view all current openings at certcheck.mostlovedworkplace.com/companies/stripe/jobs.

The interview process typically involves an initial recruiter screen followed by team interviews. Please contact Stripe's recruiting team for specific details on this role's process.

Apply for Security Engineer - Threat Detection

Submit your application directly to the Stripe team. Let them know why you'd be a great addition to their loved place to work.

Most Loved Workplace® Logo
Powered by Most Loved Workplace®

The global standard for company culture certification and employer of choice visibility.

Learn more about Most Loved Workplace®