Security Analyst, Bug Bounty

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

In this role, you would join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system".

What you’ll do

We are seeking a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you will be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You will own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).

You will play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe’s products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.

Responsibilities

Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program.

Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers.

Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies.

Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders.

Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation.

Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives.

Provide tactical support for vulnerability management triage processes to augment the team as needed.

Prepare and implement improvements to the overall bug bounty program.

Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation.

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Responsibilities

Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program.

Communicate effectively with security researchers to drive report clarity and engage with top hackers.

Understand root causes of vulnerabilities and advise product and engineering teams on mitigation strategies.

Coordinate with stakeholders to drive the lifecycle of submissions through to resolution.

Act as a liaison between external researchers and internal teams for effective remediation.

Conduct data analysis on bug reports to identify systemic risks and inform security initiatives.

Prepare and implement improvements to the bug bounty program.

Provide feedback for tool development to enhance triage and security workflows.

Required skills

Proven ability to follow bug reports and accurately triage security vulnerabilities.

Familiarity with w