Secure Device Mobile Engineer

Who we are About Stripe Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career. About the team Secure Devices is responsible for ensuring that every client endpoint at Stripe adheres to our rigorous security standards. Our services play a crucial role in detecting and preventing data loss, restricting software execution to only approved software, and providing attestation capabilities to securely manage device identities. We operate both on-device and backend services across multiple platform types. Our users-first approach ensures that we’re empowering Stripes to be as productive as possible while protecting user data. What you’ll do As a software engineer on Secure Devices, you will work at the intersection of software development, security, and client platform engineering. You will work with teams across Security, Infrastructure and Corporate Engineering to drive strategic projects to better secure Stripe endpoints, build infrastructure for supporting new platforms, and operate services critical to securing over 10,000 Stripe devices. Responsibilities Contribute to the secure design and implementation of Stripe’s mobile expansion initiative Act as the subject matter expert on iOS security by advising partner teams on iOS security best practices and secure-by-design architectures Design, build and maintain Stripe’s endpoint security software. This includes developing telemetry and prevention capabilities via macOS system extensions that run on all Stripe macOS devices Collaborate closely with partner teams to define and measure the secure configuration of Stripe’s client platforms (macOS, iOS/Android, ChromeOS) Operate high RPS backend services providing critical controls and security configuration to Stripe endpoints Drive down usage of unapproved, untrusted software while creating a surprisingly great user experience for onboarding new, approved software Manage and improve device attestation flows to ensure Stripe’s device and user identities are kept secure Identify opportunities on Stripe client platforms to improve our security posture and resiliency against malware and advanced persistent threats Build and maintain a users-first data loss prevention program to protect against accidental and malicious data exfiltration Who you are We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement. Minimum requirements 4+ years of relevant experience securing iOS and/or macOS platforms 4+ years of software engineering experience writing Go, Swift or Objective-C Deep expertise securing devices within the Apple ecosystem Understanding of the current threat landscape and how to defend Apple devices against modern threats High standards for code quality and a constructive attitude to help others raise the bar An ability to think creatively and holistically about reducing risk in a complex environment The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership Empathy, strong communication skills and a deep respect for the power of collaboration Preferred qualifications Experience implementing endpoint detection and response software Knowledge of macOS or iOS internals and how they can be used to build security controls and software Exposure to data loss prevention strategies Ability to develop backend networked applications capable of handling a high number of requests General proficiency in securing client devices Understanding of topics such as platform hardening, malware detection, and endpoint management through configuration as code Understanding of networking protocols across various levels of the stack TCP, DNS, SSH, TLS, HTTP Linux system administration knowledge Additional experience securing alternative platforms including Windows and Android Experience working with AWS cloud services