Security Analyst, Bug Bounty
Stripe
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
In this role, you’ll join Stripe’s Vulnerability Management team, whose mission is to “Surface vulnerabilities at scale across Stripe.” Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe’s security “immune system.”
What you’ll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you’ll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You’ll own the overall effectiveness of Stripe’s bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You’ll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe’s products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
Preferred qualifications
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
- ...the Role This is our first dedicated security hire, and it's a rare chance to define... ...early engineer, not just a user. You helped secure it from early design or during major... ...you've run security programs in practice: bug bounty, pentest engagements, working with external...SuggestedFull timeRemote work
- ...Recharge Time - Generous PTO and unlimited sick days Future Security - RRSP (Canada) and 401k (US) matching programs Continuous... ...- $2,500 annual development fund, tuition assistance, and Book Bounty program Team Connection - Annual company events and team offsites...SuggestedFull timeRemote workFlexible hours
$130k - $145k per year
...their inbound pipeline motion. Overview: We are seeking a Security Analyst who is passionate about safeguarding systems, data, and people... ..., helping employees remain productive while operating in a secure environment. This role blends hands-on security operations,...SuggestedRemote job- ...After you join the team, we'll verify your eligibility to work in the U.S. by submitting information from your Form I-9 to the Social Security Administration and, if needed, the Department of Homeland Security. This process happens post-hire only — we never use E-Verify to...SuggestedFull timeFor contractorsRemote work
$145k - $165k per year
...migration, and ensure our platform delivers exceptional performance and security for thousands of properties worldwide. Your work will directly... ...user interactions across the Cloudbeds ecosystem Architect secure solutions for handling financial transactions and sensitive...SuggestedLong term contractFull timeWork at officeLocal areaRemote workWork from homeWorldwideHome officeWeekend work$16 per hour
...Discount on food at our restaurant Reporting to the Property Manager, the Security Agent is responsible for safeguarding our assets, staff, and visitors. You will be tasked with maintaining a safe and secure environment by implementing preventive measures and responding...Full timeFlexible hours- ...departments. This is a high profile and impactful, hands-on position that will require grit. Work together with our developers and privacy/security experts to help us take our browser to the next level. Requirements ~5+ years experience with testing software ~ Strong...Work at officeRemote workHome office
- ...After you join the team, we'll verify your eligibility to work in the U.S. by submitting information from your Form I-9 to the Social Security Administration and, if needed, the Department of Homeland Security. This process happens post-hire only — we never use E-Verify to...Full timeRemote work
- ...After you join the team, we'll verify your eligibility to work in the U.S. by submitting information from your Form I-9 to the Social Security Administration and, if needed, the Department of Homeland Security. This process happens post-hire only — we never use E-Verify to...Full timeRemote workFlexible hours
- ...After you join the team, we'll verify your eligibility to work in the U.S. by submitting information from your Form I-9 to the Social Security Administration and, if needed, the Department of Homeland Security. This process happens post-hire only — we never use E-Verify to...Full timeRemote work
- ...de plusieurs types d’audit (ex. : fournisseurs, sites d’investigateur, dossiers principaux de l’essai, gestion de données, rapport de sécurité et laboratoires). Excellente connaissance des exigences réglementaires des BPx. Connaissance de la terminologie médicale et...Daily paidContract workTemporary workWork at office
- ...time zones. Join us on our mission to transform lives by simplifying money, together. The Role: Monarch is hiring a Senior Security Engineer, Detection and Response to join our Security team within Foundations — the first dedicated hire for this function. Reporting...InternshipWork at officeImmediate startRemote workWork from homeWeekend work
- ...After you join the team, we'll verify your eligibility to work in the U.S. by submitting information from your Form I-9 to the Social Security Administration and, if needed, the Department of Homeland Security. This process happens post-hire only — we never use E-Verify to...Full timeRemote work
- ...After you join the team, we'll verify your eligibility to work in the U.S. by submitting information from your Form I-9 to the Social Security Administration and, if needed, the Department of Homeland Security. This process happens post-hire only — we never use E-Verify to...Full timeRemote work
- ...world. If you're excited to shape the future of design and collaboration, join us! Figma is looking for a Senior Credit & Collections Analyst to join our Accounting team. This is a high-impact role with ownership over collections strategy, cross-functional collaboration, and...Hourly payFull timeRemote workWork from home
$132k - $282k per year
...that powers GitLab's authentication and authorization systems at scale. This role focuses on the foundational components that enable secure, performant, and reliable identity services across all GitLab deployment models while supporting our transition to a zero-trust architecture...Remote jobInternshipHome office$145k - $260k per year
...design, coding, code review, unit/integration testing, bug fixing, and code/API documentation. Collaborate closely... ...offer an enterprise plan with features around privacy, security and environment management (e.g. secure distribution and management of API keys). These larger...Remote jobRemplacementInternshipWork at officeImmediate startFlexible hours- ...TSAT) is a leading global satellite operator, providing reliable and secure satellite-delivered communications solutions worldwide to... ...test and support teams to ensure comprehensive testing and efficient bug resolution. In addition, you will take the lead in technical discussions...InternshipWork at officeWorldwide
- ...frameworks. Triage and classify issues: Distinguish between configuration/integration errors, data issues, product limitations, and genuine bugs. What You’ll Bring ~3+ years in a role that includes deep technical troubleshooting (e.g., Technical Support Engineer, QA Engineer...Remote job
- ...Assistant Coordinate delivery across Data Engineering, DS ICs, Security, IT, and business stakeholders (Sales, Product, Finance,... ...BI tooling (Hex, Sigma), and AI-powered query interfaces (Cortex Analyst, RAG) at a program level ~ A track record of driving adoption...Full timeRemote workWork from homeShift work
- ...behavior and sign‑off criteria for silicon. Have impact measured through coverage metrics achieved, quality and reproducibility of bugs found, and robustness of the verification environment you help build. What You Will Learn End‑to‑end SoC design and verification...Permanent employmentSummer workInternshipWork at office
$100k per year
...from a firmware perspective. Debug complex hardware-software interactions, including signal integrity issues and protocol-level timing bugs. What You Will Learn What it means to shape AI acceleration hardware and networking infrastructure from the ground up. How...Permanent employment- ...Measures In three months you’ll have contributed to the development of a project slated for the next major version, as well as fixed a few bugs in a minor version of our latest stable release series In six months, you’ll have taken on code review responsibilities and are...Full timeLocal areaRemote workWorldwideFlexible hours
- ...Establish and enforce BI best practices, including data governance, security, and documentation. Monitor and improve query performance,... ...regulations. Work cross-functionally with data engineers, analysts, and business teams to align data strategies. Act as a key advisor...Remote jobLive InLocal areaHome officeFlexible hours
$200k - $276k per year
...into technical solutions Collaborate with Data Scientists and Analysts to enable advanced analytics, machine learning, and business... ...initiatives and embedded reporting capabilities Engage with Security and Compliance teams to ensure data governance and regulatory requirements...Remote jobLong term contractWorldwideHome office- ...strategies for pricing, in-game promotions, SKUs, and ongoing content. ● Lead and prioritize the work of other Product Managers and Data Analysts, ensuring alignment with strategic goals and the delivery of high-quality results. ● Market Intelligence – Deliver research on the...Casual work
- ...written and oral communication skills, and participation in a culture of writing things down. ~ Committed to building high quality, secure, performant product and willing to pursue new learning in these areas. Technical Competencies ~ Experience developing large...Full timeLocal area
- ...re excited to shape the future of design and collaboration, join us! As Corporate Counsel you will help develop our corporate and securities legal strategy, ensuring our legal approach scales with the company's growth. This is a full time role that can be held from one...Full timeRemote workWork from homeShift work
- ...technical solutions Conduct code reviews, architectural reviews, and drive continuous improvement in code quality, performance, and security Champion cloud best practices, cost optimization, and platform modernization initiatives Required Qualifications ~8+ years of...Full timeLocal area
- ...and operate scalable distributed systems and services that power Figma's innovative tools for design and collaboration Develop and secure our internal and edge network running on AWS Help design and deploy an internal service mesh network which can support Figma's growing...Full timeRemote workWork from home
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Analyst, Bug Bounty. Be the first to apply!
