Security Incident Response Manager

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.

About the team

The Security Incident Response team is responsible for triaging and assessing the severity of incoming security alerts, responding with initial containment measures and escalating as needed to incident responders for further investigation and resolution. They analyze a variety of data sources to identify potential threats, collect requirements for operational enhancements to detection and response systems, and generally scale security processes. From external attacks to insider threats, our goal is to respond with speed and precision, remediate, and support the incident postmortem process. The team is distributed globally and regularly coordinates with stakeholders in North America, Europe, and Asia.

What you’ll do

You will leverage your security management experience to improve incident response capabilities at Stripe. You will manage a team of security analysts, investigators, and responders on the front lines of the incident response process, hiring, training, and evaluating their performance, providing technical guidance where needed, developing clear and consistent response procedures, and ensuring timely and effective resolution of casework. You will also collaborate with various internal stakeholders, including the Security Analytics and Detection teams, and make continuous improvements to Stripe’s security incident response function.

Responsibilities

• Lead and support a team of security analysts, investigators, and responders who triage, assess, and respond to threats
• Provide technical guidance to the team, as a subject matter expert
• Influence the organizational mission and vision by ensuring prioritization and delivery of project work that is aligned with relevant security roadmaps
• Strengthen KPIs and metrics for measuring response operations effectiveness, for clear and consistent reporting to internal stakeholders
• Work cross-functionally with security engineering teams to gather requirements for analyzing and responding to security events data at scale while protecting Stripe networks, systems, and data from threats
• Develop, document, and implement strategies, runbooks, and capabilities to support the incident response process
• Continuously improve security processes and response capabilities by collaborating with security engineers and analysts
• Coach and mentor individual contributors, enabling career development and championing quality standards within the team

Who you are

We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

• 5+ years experience leading Security Operations or Incident Response teams, including hands-on, technical management experience of security analysts or engineers
• B.S. or M.S. Computer Science or related field, or equivalent experience in Security
• Experience recruiting, growing, and leading technical teams, including performance management
• Excellent written and verbal communication skills, including the ability to develop and deliver operational or incident-related information to leadership
• Advanced knowledge of data analytics (e.g. logs for first or third party applications, system / data access events), network security, digital forensics, and incident response investigations
• Experience with Python and SQL, and/or familiarity with other programming languages
• Familiarity with operating systems, file systems, and memory on macOS, Linux, or Windows
• Strong understanding of threat actor tactics, techniques, and procedures (TTPs)

Preferred qualifications

• Broad knowledge and experience across the information security domain, including familiarity with endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and threat intelligence.
• Experience with engineering, data processing and analysis tools
• Familiarity with network observability, security software, or data engineering solutions (Chronicle, Tines, osquery, Splunk, etc.)