Stripe logo
Stripe

Help increase the GDP of the internet.

Cloud Security Engineer

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 1,001-5,000Since 2010H1B SponsorCompany SiteLinkedIn

Location

California + 2 moreAll locations: California | New York | Washington

Posted

72 days ago

Salary

0

Seniority

Senior

Bachelor DegreeEnglishCloud

Job Description

Cloud Security Engineer

Stripe

• Designing and implementing controls that support security invariants and enforce our security principles while providing a surprisingly great user experience • Providing a migration path for newly acquired companies onto the Stripe Secure Platform, embedding with their engineers and biasing for action • CI tooling for platform-related configuration: IAM roles, SCPs, and associated components • Guardrails and security controls for both commonly used and newer cloud technologies • Expanding our cloud identity infrastructure to provide paved paths for AI and agentic access • Automation tooling for continually driving down permissions and access across our cloud services

Job Requirements

  • Design, build, and operate the core security infrastructure used by all of Stripe’s engineering teams in close collaboration with other stakeholders and our users
  • Uphold our high engineering standards and bring consistency to the many codebases and processes you will encounter
  • Contribute to team learning by improving engineering standards, tooling, and processes
  • Design and build durable solutions that will advance Stripe’s security beyond the state of the art.
  • Help expand Stripe’s cloud footprint on top of secure, paved roads and guardrails
  • Optimize for security controls that have delightful user experiences
  • Partner closely with infrastructure and engineering teams building integrations with our cloud infrastructure or adopting new cloud managed services
  • Make impactful decisions about systems and security — their edge cases, failure modes, and life cycles
  • Use data to determine appropriate baselines against which to measure security
  • Define infrastructure that reliably feeds signals to threat teams
  • Evaluate and prototype new security tools and practices

Benefits

  • Empathy, strong communication skills and a deep respect for the power of collaboration
  • A learning mindset, regardless of level or experience
  • The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership
  • High standards for code quality and a constructive attitude to help others raise the bar
  • Software engineering experience in a high-stakes production environment
  • A knack for considering how systems can fail and how to fix them
  • An ability to think creatively and holistically about reducing risk in a complex environment
  • Experience with security on one or more of AWS, Azure, or GCP

Related Categories

Related Job Pages

More Security Engineer Jobs

Dexcom logo

Senior Cybersecurity Engineer

Dexcom

Empowering people to take control of health

Full TimeRemoteTeam 10,001+Since 1999H1B Sponsor

• You will be task to perform scripting, and automation works relating to Information Security. • You will conduct security assessments of new tools, applications, and systems. • You will process and manage requests for various security services such as URL Filtering, Privilege Account Management, DLP, Firewall Rule Review. • You will support or lead the design and deploy security infrastructure such as DLP, SWG, UBA, EDR, SIEM, MDM, NAC, etc. • You will support or lead security infrastructure projects and manage security infrastructure. • You will provide security consulting and influence adoption of security best practices. • You may, if needed, support activities of third-party penetration testing, vulnerabilities assessments and drive remediation activity. • You may, if needed, support incident response and threat containment. • You may support information security and data privacy compliance audits and associated activities.

Philippines
Job Closed
Full TimeRemoteTeam 10,001

Role Description This role contributes to Starbucks’ success by operating within the Security Operations Center (SOC) to detect, investigate, and respond to cybersecurity threats across the enterprise. You will leverage SIEM and SOAR platforms to perform advanced log analysis, validate alert fidelity, and continuously assess the operational health and coverage of Starbucks’ security tooling. You will design, build, and tune detections within the SIEM, translating real world adversary behaviors and MITRE ATT&CK aligned TTPs into high confidence, actionable alerts. This includes authoring and maintaining detection logic (e.g., KQL, SPL, or equivalent), reducing false positives and closing visibility gaps. The role also focuses on maturing automation through SOAR by developing playbooks that standardize and accelerate investigation, enrichment, containment, and response workflows. You will integrate SOAR with security and IT platforms to automate repeatable actions. The ideal candidate demonstrates strong analytical problem solving skills, clear technical communication, and deep expertise in modern attack techniques, logging architectures, and SOC operations. A proven, hands on track record of advancing detection engineering, SIEM/SOAR effectiveness, and incident response capabilities in highly targeted, large scale environments is essential. Success in this role is defined by measurable contributions to a world class SOC and cybersecurity program that proactively detects threats, rapidly contains incidents, and drives consistent, effective resolution across all cybersecurity events. As a cybersecurity engineer senior, threat detection and response, you will: - Identify, evaluate, and appropriately address alerts and incidents - Develop detections based on the MITRE ATT&CK Framework - Proactively identify emerging threats and conduct threat hunting for undetected activity within the environment - Assess alerts to establish their legitimacy, and urgency - Adhere to SOC playbooks and standard operating procedures (SOPs) to promote consistency in triage and decision-making - Conduct a thorough review and audit of existing logging systems to identify any gaps in detection capabilities - Review threat intel reports and feeds, making recommendations for profile or toolset changes based on reviews - Perform in-depth investigations on Windows, Linux, and MacOS hosts - Create stories to enhance the SOAR environment for engineers - Enhance SOC processes with feedback and operational insights - Serve as both a mentor and an escalation point for SOC engineers - Tune security tool configuration to minimize false positives - Work closely with security leaders, engineers, and compliance teams to implement effective security plans - Serve as a subject matter expert for security tools, applications, and processes Qualifications - 5+ years of experience working in an information technology discipline - 4+ years of security operations experience - 2+ years of detection engineering experience - 2+ years of Threat hunting experience - Deep technical understanding of modern Cybersecurity threats - Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework - Proficient in programming with at least one modern language such as Python, Powershell, C#, Ruby, or Java - Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security - Basic understanding of compliance and regulatory requirements such as SOX and PCI - Ability to balance multiple priorities and meet deadlines - Excellent problem-solving abilities - Passionate about cybersecurity and self-driven to become an expert Preferred Qualifications - Demonstrated expertise in at least two technologies, such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, or Container Security - Skilled in at least two focus areas, including Phishing, Data Loss Prevention (DLP), Compliance, Networking, Digital Forensics, Big Data, Threat Intelligence, Operating Systems, or Reverse Engineering - Actively supports the cybersecurity community by teaching or contributing code - Holds certifications like CISSP, SSCP, GCIH, or other credentials emphasizing cybersecurity Benefits - Access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits - Short-term and long-term disability - Paid parental leave - Family expansion reimbursement - Paid vacation from date of hire - Sick time (accrued at 1 hour for every 25 hours worked) - Eight paid holidays and two personal days per year - Participation in a 401(k) retirement plan with employer match - Discounted company stock program (S.I.P.) - Starbucks equity program (Bean Stock) - Incentivized emergency savings and financial well-being tools - 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program - Student loan management resources and access to other educational opportunities - Access to backup care and DACA reimbursement

United States
$112.4K - $211.8K / year
Zimperium logo

Senior Cloud Security Engineer – FedRamp

Zimperium

The leader in enterprise mobile endpoint protection and mobile app protection for Android, iOS and Chromebooks threats

Full TimeRemoteTeam 201-500Since 2010H1B Sponsor

• Design, implement, and manage security best practices and controls for services hosted across AWS, Azure, GCP, and OCI environments. • Act as the subject matter expert for security automation, leveraging CloudFormation and/or Terraform to deploy secure infrastructure consistently and at scale. • Implement and enforce rigorous security configuration benchmarks, specifically CIS Level 2 and DISA STIGs, across all compute environments, including various flavors of Linux and Kubernetes clusters. • Configure, manage, and optimize cloud-native and third-party security tools such as Palo Alto Prisma Cloud, Orca, Google SecOps, and Palo Alto Next Generation Firewalls. • Deploy and manage Web Application Firewalls (WAFs), including F5 and other cloud-native WAF solutions, to protect critical applications. • Integrate security testing tools (SAST, DAST, SCA) into CI/CD pipelines to enable "shift-left" security practices. • Design and maintain solutions for the secure storage and rotation of credentials, API keys, and secrets using tools like HashiCorp Vault or equivalent cloud-native services. • Conduct threat modeling and perform security reviews for new applications and services to proactively identify and mitigate risks in the design phase. • Participate in a rotating on-call schedule to address security incidents and operational issues promptly. • Support internal and external audits by generating evidence, writing detailed reports, and delivering clear, concise technical presentations to leadership. • Operate with minimal oversight, taking the initiative to identify and suggest security improvements and drive projects to completion.

Texas
iHerb, LLC logo

Senior Security Engineer

iHerb, LLC

Come join the movement....we are a vehicle to healthy living!

Full TimeRemoteTeam 1,001-5,000Since 1996H1B No Sponsor

• Design, develop, and maintain automation frameworks and scripts (Python, Bash, Terraform) to streamline security processes and workflows. • Deploy and manage secure, scalable infrastructure on AWS using Terraform via Scalr and Harness, with additional presence in GCP and Azure. • Build, support, and optimize AWS Step Functions, Lambda, and EventBridge workflows from a centralized tooling account that operates across multiple spoke accounts in the AWS Organization. • Maintain Kubernetes clusters using Helm charts, including in-house security automations on pods that integrate with CSPM tools and Jira ticketing processes. • Develop and enforce cloud security guardrails using OPA, Guardrails, Service Control Policies (SCPs), IaC security gates, and tag policies. • Architect, build, and maintain Splunk Enterprise Security (ES) integrations, including onboarding log sources, managing indexes, tuning correlation searches, and configuring automated response actions. • Design and implement Splunk SOAR playbooks to automate security tasks, reduce Mean Time to Respond (MTTR), and scale SOC capabilities. • Serve as the subject matter expert for Okta Identity Engine (OIE) — building and managing scalable SSO policies, modern authentication (SAML/OIDC), and identity lifecycle processes. • Leverage AWS security services (GuardDuty, Macie, IAM, Control Tower, KMS, CloudTrail, EventBridge) to build event-driven automations for threat detection and response. • Own the in-house Jira management process for CSPM findings and the supporting data pipeline that feeds AWS QuickSight dashboards. • Collaborate with cross-functional teams (Dev, Platform, Security, and SOC) to integrate security automation into CI/CD pipelines and shift security left. • Conduct risk assessments, enforce security best practices, and continuously improve our defensive posture through automation and tooling. • Monitor, troubleshoot, and optimize cloud infrastructure and security systems to ensure high availability, performance, and compliance. • Stay current with AWS best practices, security trends, and emerging technologies to drive continuous improvement.

United States
$162K - $190K / year