Chat with Stripe sales 8 sales reps available We're here to discuss your business needs. Chat now with sales Security Analyst, Bug Bounty Stripe logo Jobs Our opportunity Life at Stripe
Benefits University See open roles Open mobile navigation Jobs Our opportunity Life at Stripe
Benefits University See open roles Close mobile navigation Roles at Stripe Role details Security Analyst, Bug Bounty
Who we are About Stripe Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About
the team In this role, you’ll join Stripe’s Vulnerability Management team, whose mission is to “Surface vulnerabilities at scale across Stripe.” Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe’s security “immune system.” What you’ll do We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you’ll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You’ll own the overall effectiveness of Stripe’s bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency). You’ll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe’s products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives Provide tactical support for vulnerability management triage processes to augment
the team as needed Prepare and implement improvements to the overall bug bounty program Provide feedback and
requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
Who you are We’re looking for someone who meets the minimum
requirements to be considered for
the role. If you meet these
requirements, you are encouraged to apply. The preferred
qualifications are a
bonus, not a requirement. Minimum
requirements Proven ability to follow bug reports and accurately triage security vulnerabilities Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs) Competent in offensive security tools (e.g., Burp Suite, custom scripting) Ability to think like an attacker to understand the impact of vulnerabilities Proficient in clear communication, conveying technical concepts to various stakeholders Experience in one of the following areas Bug bounty program or triaging security vulnerability reports Knowledge of Stripe products and general security expertise Preferred
qualifications Experience in technical support, operations, or similar roles with technical systems exposure Prior participation in or experience with bug bounty programs Experience analyzing source code for security vulnerabilities Proficiency in scripting languages (e.g., Python, Ruby) for automation Familiarity with cloud-based services (e.g., AWS, GCP) Certifications such as OSWA or BSCP Working remotely at Stripe A remote location is defined as being 35 miles (56 kilometers) or more from one of our offices. While you would be welcome to come into the office for team/business meetings, on-sites, meet-ups, and events, our expectation is you would regularly work from home rather than a Stripe office. Stripe does not cover the cost of relocating to a remote location. We encourage you to apply for roles that match the location where you currently live or plan to live. Pay and
benefits The annual US base salary range for this role is $144,400 - $216,600. For sales roles, the range provided is
the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for
the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience,
qualifications, and location. Applicants interested in this role and who are not located in the US may request the annual salary range for their location during the interview process. Additional
benefits for this role may include: equity, company
bonus or sales commissions/bonuses; 401(k) plan; medical, dental, and vision
Launched out of Y Combinator’s 2009 Summer batch, Stripe is a global technology company that builds economic infrastructure for the internet. Businesses of every size—from new startups to public companies—use our software to accept payments and manage their businesses online Stripe is a proud partner of YC companies—from Airbnb (S09) to Defog (W23)—to help them grow their businesses and increase the GDP of the internet.
