All interviews
Stripe logo

Stripe

Mid

Build high-fidelity SIEM detections and lead threat hunts on Stripe's Proactive Threat team

Stripe is hiring a detection engineer for its Proactive Threat team, sitting at the intersection of offense and defense: writing detection-as-code across SIEM platforms, running hypothesis-driven threat hunts, and doing malware analysis to catch adversaries before they impact Stripe. The role wants 5+ years in detection engineering/threat hunting/SecOps, hands-on SIEM query experience (Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Sentinel), and fluency in attacker TTPs across the full lifecycle. Based in Ireland, collaborating across US/Europe/Asia time zones.

Step into this interview

Free · a live voice mock calibrated to this exact role

Practice this interview

What this interview tests

  • Detection engineering across SIEM platforms and query languages (SPL/KQL/EQL/YARA-L)
  • Adversary TTPs across the full attack lifecycle and MITRE ATT&CK mapping
  • Hypothesis-driven threat hunting
  • Operationalizing threat intelligence into detections
  • Detection-as-code, automation, and tooling at scale
  • Malware analysis / reverse engineering (secondary)

Common question themes

Walk through building a detection for a specific attacker TTP, including the actual query logic

How do you tune a detection to reduce false positives without losing coverage

Describe a hypothesis-driven threat hunt you ran that wasn't prompted by an alert

Tell me about turning a threat intel report into an operational detection or hunting lead

Describe automation or a pipeline you built to scale detection engineering

How do you map and prioritize detection coverage gaps against MITRE ATT&CK

View the original posting

Related interviews