Role overview
Stripe is seeking an Offensive Security Engineer to join our security engineering team. In this role you will perform advanced penetration testing and red-team style assessments to identify exploitable weaknesses across Stripe's systems, applications, and services. You will work closely with product engineering, platform teams, and incident response to improve security controls and drive risk mitigation.
Responsibilities
- Plan, perform, and document penetration tests on web/mobile apps, APIs, and infrastructure.
- Identify vulnerabilities and validate exploitability; communicate risks to engineers and leadership.
- Develop custom testing tooling and automated checks to scale security assessments.
- Collaborate with product and security teams to remediate findings and verify fixes.
- Conduct threat modeling and simulate realistic attacker scenarios.
- Maintain current knowledge of attacker TTPs and security research.
- Mentor junior engineers.
Requirements
- Proven experience in offensive security and penetration testing (web, mobile, API).
- Deep knowledge of OWASP Top Ten and modern attack techniques.
- Strong scripting experience (Python, Go, Ruby, or Bash).
- Familiarity with vulnerability management, bug bounty processes, and security tooling.
- Excellent communication and collaboration skills, and the ability to explain risk to non-technical stakeholders.
- Bachelor's degree in Computer Science or related field, or equivalent practical experience.
Nice to have
- Experience with cloud platforms (AWS, GCP, Azure) and cloud security.
- Red team experience and attacker emulation.
- Familiarity with secure development lifecycle and threat modeling.
About Stripe
Stripe is a technology company that builds economic infrastructure for the internet. We’re looking for security-minded engineers to help protect our platform and customers as the platform scales globally.