Stripe
Detection Engineer
€91k - €136k
Remote in Spain, Belgium, Germany, or Ireland

Overview

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities.

Job Description

The Proactive Threat team identifies, detects, and responds to threats before they impact Stripe's business or users. The Detection Engineering & Threat Hunting function sits at the intersection of offense and defense — we leverage deep knowledge of attacker tradecraft to build high-fidelity detections, hunt for sophisticated threats, and validate defensive capabilities across Stripe's critical systems.

Responsibilities

- Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle
- Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry
- Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls
- Perform malware analysis and reverse engineering to extract indicators and inform detection strategies
- Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS
- Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic
- Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises
- Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment
- Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces
- Lead projects, mentor teammates, and champion quality standards within the team

Required Skills

- 5+ years of experience in detection engineering, threat hunting, or security operations
- Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)
- Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration
- Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities
- Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)
- Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources
- Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)
- Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences
- Adversarial mindset — understanding how attackers operate to build detections that catch real-world threats

Benefits

- Equity
- Company bonus or sales commissions/bonuses
- Retirement plans
- Health benefits
- Wellness stipends

About the company

Stripe is a technology company that builds economic infrastructure for the Internet: a platform for commercial finance infrastructure used by millions of businesses, ranging from the biggest corporations in the world to the most ambitious startups, to take payments, increase revenue, and open up new business prospects.