Software Engineer, Secrets Infrastructure

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

The Secrets Infrastructure team provides the cryptographic identity and secrets management foundation for Stripe. We build and operate the internal certificate authority that authenticates every person and service at Stripe, and the secrets platform that manages everything from financial partner credentials to infrastructure access keys.

We build foundational security infrastructure at scale: our certificate authority issues mTLS client certificate identities for thousands of services and engineers, and our secrets platform and libraries protect access to critical financial systems and external partners across all of Stripe’s codebases, services, and platforms. The technical challenges include building systems with 99.99%+ availability, implementing TLS workload identity and attestation logic for new platforms, and designing secret management tools that are both secure and user-friendly. Our infrastructure must be both reliable and developer-friendly—we maintain libraries in Go, Java, Ruby, and Python. As a small team responsible for critical systems, engineers take on meaningful ownership. Through collaboration with teams across Stripe, you'll build and set direction for the authentication and secrets management underpin identity in distributed systems at scale. 

Secrets Infrastructure is a fully remote team, with a small presence in the Seattle and New York City offices. We pride ourselves on a friendly, technically rigorous, and supportive team culture.

You'll be responsible for TLS identity and secrets infrastructure that every Stripe service depends on. You'll build infrastructure, developer tools, and guide partner teams on architecture decisions; we regularly need to help other teams reason about cryptographic primitives and PKI, transitive trust, potential failure modes and threat models. 

Since our infrastructure and libraries are used across the entire Stripe codebase, you'll work in Go, Java, Ruby, and Python. The services we own are written in Go, so most of your hands-on work will be in Go. The typical balance of hands-on work is about 60% coding, 20% infrastructure work, and 20% security design/guidance with partner teams.

• Design and implement significant features in our certificate authority and secrets management systems
• Work across Go, Java, Ruby, and Python to implement authentication and secrets infrastructure used by every service at Stripe
• Work with with other engineering teams to understand their needs and design secrets and identity integrations
• Develop certificate provisioning and secret management integrations for various compute platforms (Kubernetes, EC2, developer workstations)
• Work on reliability improvements to maintain 99.99%+ availability for critical infrastructure; we take pride in making failure modes impossible instead of reacting to them
• Participate in on-call rotation for critical infrastructure, working alongside senior engineers to debug and resolve production issues

We’re looking for a senior candidate who has enough prior experience in security, backend API development, and infrastructure to quickly take responsibility for significant projects. We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement. 

• 5+ years of professional software development experience. Strong programming skills in Go, with significant experience in other similar system programming languages (C++, Rust, C#, etc) as a potential alternative.
• 3+ years of infrastructure and security experience (can overlap with other experience)
• Experience in cryptography, PKI, secret management, or other security topics
• Familiarity with infrastructure tools like Kubernetes, Terraform, and cloud platforms
• Interest in security, infrastructure, and software development
• Enthusiasm for learning new technologies and working across multiple programming languages
• Strong debugging and problem-solving skills; the team maintains and troubleshoots integrations across all Stripe languages and infrastructure
• Clear verbal and written communication skills and ability to collaborate effectively with other engineers
• Experience leading cross-team projects and building alignment on multi-team technical direction
• Strong technical writing skills to write design documents
• On-call experience

• Prior experience building PKI or secret management infrastructure (as an SWE - not just provisioning a 3rd party tool or service)
• Experience in Java, Ruby, or Python
• Experience building developer tools, libraries, or platform services
• Experience with kubernetes internals (how the platform works, not just as a user)
• Experience operating complex services on AWS
• Experience in fully remote work environments