• Lead security operations initiatives focused on securing modern software development pipelines, CI/CD platforms, and cloud-native DevOps environments. • Partner with engineering and DevOps teams to embed security controls into the Software Development Life Cycle (SDLC) using Dev/SecOps best practices. • Design, implement, and monitor security controls for source code repositories, build systems, artifact management platforms, and deployment pipelines. • Conduct threat modeling, risk assessments, application pen testing, and security reviews for internally developed applications, APIs, and automation platforms. • Develop and maintain detection and response capabilities for software supply chain threats, credential misuse, pipeline compromise, and cloud workload attacks. • Manage vulnerability management processes for applications, containers, infrastructure-as-code, open-source dependencies, and CI/CD tooling. • Implement automated security scanning tools including SAST, DAST, SCA, IaC scanning, and container security solutions. • Monitor security events across cloud platforms, developer tooling, SaaS environments, and production systems using SIEM/XDR technologies. • Investigate and respond to security incidents involving applications, DevOps tooling, cloud environments, and identity platforms. • Establish security standards for AI/ML systems including model governance, secure API usage, data protection, and responsible AI controls. • Assess and mitigate emerging AI-related risks such as prompt injection, model abuse, data leakage, shadow AI usage, and unauthorized automation. • Evaluate, implement, and secure enterprise AI tools to improve SecOps efficiency, threat detection, alert triage, and incident response workflows. • Build automation scripts and workflows to streamline repetitive security operations tasks and improve response times. • Collaborate with developers to remediate security findings quickly while balancing operational efficiency and release velocity. • Create dashboards, metrics, and reporting for security posture across DevOps pipelines, application environments, and AI platforms. • Stay current on evolving threats related to software supply chain security, cloud platforms, DevOps ecosystems, and artificial intelligence technologies. • Other duties as assigned.

• Develop tooling to generate and automate regulatory benchmark guidance • AI driven tooling (MCP servers/toolsets) that integrates with IDEs (Claude Code/Cursor) • Understanding Compliance Operator resources, like CustomRules and Profiles • Implementing checks using multiple scanning technologies, like OpenSCAP and CEL expressions • Developing and maintaining operators that improve OpenShift security posture • Contribute to industry benchmark regulatory bodies where applicable (CIS)

• Designing and implementing controls that support security invariants and enforce our security principles while providing a surprisingly great user experience • Providing a migration path for newly acquired companies onto the Stripe Secure Platform, embedding with their engineers and biasing for action • CI tooling for platform-related configuration: IAM roles, SCPs, and associated components • Guardrails and security controls for both commonly used and newer cloud technologies • Expanding our cloud identity infrastructure to provide paved paths for AI and agentic access • Automation tooling for continually driving down permissions and access across our cloud services

• You will be task to perform scripting, and automation works relating to Information Security. • You will conduct security assessments of new tools, applications, and systems. • You will process and manage requests for various security services such as URL Filtering, Privilege Account Management, DLP, Firewall Rule Review. • You will support or lead the design and deploy security infrastructure such as DLP, SWG, UBA, EDR, SIEM, MDM, NAC, etc. • You will support or lead security infrastructure projects and manage security infrastructure. • You will provide security consulting and influence adoption of security best practices. • You may, if needed, support activities of third-party penetration testing, vulnerabilities assessments and drive remediation activity. • You may, if needed, support incident response and threat containment. • You may support information security and data privacy compliance audits and associated activities.