Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments grow their revenue and accelerate new business opportunities. Our mission is to increase the GDP of the internet and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Security Operations team is responsible for triaging and assessing the severity of incoming security alerts responding with initial containment measures and escalating as needed to incident responders for further investigation and resolution. They analyze a variety of data sources to identify potential threats collect requirements for operational enhancements to detection and response systems and generally scale security processes.  From external attacks to insider threats our goal is to respond with speed and precision remediate and support the incident postmortem process. The team is distributed globally and regularly coordinates with stakeholders in North America Europe and Asia.

What you’ll do

You will leverage your security operations management experience to improve incident response capabilities at Stripe. You will manage a team of security analysts on the front lines of the incident response process hiring training and evaluating their performance providing technical guidance where needed developing clear and consistent response procedures and ensuring timely and effective resolution of casework. You will also collaborate with various internal stakeholders including the Security Analytics and Detection teams and make continuous improvements to Stripe’s security incident response function.

Responsibilities

• Lead and support a team of security analysts who triage assess and respond to threats

• Provide technical guidance to the team as a subject matter expert

• Influence the organizational mission and vision by ensuring prioritization and delivery of project work that is aligned with relevant security roadmaps

• Strengthen KPIs and metrics for measuring response operations effectiveness for clear and consistent reporting to internal stakeholders

• Work cross-functionally with security engineering teams to gather requirements for analyzing security events data at scale and protecting Stripe networks systems and data from threats

• Develop document and implement strategies runbooks and capabilities to support the incident response process

• Continuously improve security processes and response capabilities by collaborating with security engineers and analysts

• Coach and mentor individual contributors enabling career development and championing quality standards within the team

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements you are encouraged to apply. The preferred qualifications are a bonus not a requirement.

Minimum requirements

• 5+ years experience leading Security Operations or Incident Response teams including hands-on technical management experience of security analysts or engineers

• B.S. or M.S. Computer Science or related field or equivalent experience in Security

• Experience recruiting growing and leading technical teams including performance management

• Excellent written and verbal communication skills including the ability to develop and deliver operational or incident-related information to leadership

• Advanced knowledge of data analytics (e.g. logs for first or third party applications system / data access events) network security digital forensics and incident response investigations

• Experience with Python and SQL and/or familiarity with other programming languages

• Familiarity with operating systems file systems and memory on macOS Linux or Windows

• Strong understanding of threat actor tactics techniques and procedures (TTPs)

Preferred qualifications

• Broad knowledge and experience across the information security domain including familiarity with endpoint email network identity management cloud security vulnerability management incident response and threat intelligence.

• Experience with engineering data processing and analysis tools

• Familiarity with network observability security software or data engineering solutions (Chronicle osquery Splunk etc.)