Senior Product Security Engineer at StubHub

New York, New York, United StatesFull-timeSecurity EngineeringPosted about 1 month ago

About the Role

<div class="content-intro">StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world.</div>StubHub's Product Security Engineering Team is seeking a Senior Engineer to enhance our security posture within the end user and services product domain. The perfect candidate will possess experience in CI/CD pipeline security, product and application architecture reviews, contextualized vulnerability management processes, and automation.  Location: Hybrid (3 days in office/2 days remote) – New York, NY or Century City, CA  About the team:  StubHub’s Product Security Engineering Team plays a critical role in securing the platforms that power the world’s largest ticket marketplace. This team works hands-on with cutting-edge tools and cloud-native technologies to embed security into every layer of the software development lifecycle—from architecture to automation. If you're passionate about offensive security, CI/CD hardening, and driving real impact across modern product teams, this is your opportunity to lead and innovate at global scale. <div class="section page-centered" data-qa="job-description"> <div class="section page-centered" data-qa="job-description"> <div> What You’ll Do: <ul> <li>Conduct security assessments, code reviews, and penetration tests on web applications, APIs, and mobile apps to identify vulnerabilities and flaws. </li> <li>Collaborate with development teams to embed security into CI/CD pipelines, including the implementation of automated code scanning tools. </li> <li>Develop and maintain secure coding guidelines and conduct security awareness training for developers. </li> <li>Respond to security incidents, perform root cause analyses, and recommend effective remediations. </li> <li>Stay current on emerging security threats, vulnerabilities, and mitigation strategies; proactively share insights across teams. </li> <li>Help develop and enforce application security policies, standards, and procedures aligned with industry regulations and best practices. </li> <li>Conduct architectural reviews to ensure the security of new technologies and controls. </li> <li>Build and maintain robust product vulnerability management processes and procedures. </li> <li>Write and maintain production-grade APIs to automate security processes and streamline infrastructure and developer workflows. </li> <li>Triage and respond to findings from StubHub’s enterprise Bug Bounty program. </li> </ul> What You’ve Done: <ul> <li>Demonstrated expert-level understanding of offensive web application security testing and defense-in-depth remediation strategies. </li> <li>Expert-level skills in vulnerability assessments and code reviews. </li> <li>Extensive experience with automated security testing tools (e.g., Burp Suite, OWASP ZAP, Snyk). </li> <li>Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences. </li> <li>Hands-on experience in applied cryptography and key management. </li> <li>Proven ability to implement SAST, DAST, and SBOM tooling within development workflows. </li> <li>Experience in performing structured threat modeling (e.g., STRIDE, PASTA). </li> <li>Intermediate proficiency in at least one scripting language (e.g., Python, Ruby). </li> <li>Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF.</li> </ul> Preferred Skills and Qualifications:  <ul> <li>Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, GWAPT). </li> <li>Intermediate-level experience with cloud security principles and technologies in AWS and Azure. </li> <li>Understanding of Kubernetes security fundamentals, including the use of admission controllers, network policies, role-based access control (RBAC), and ingress architecture design. </li> <li>Software development experience in Java & C#. </li> </ul> </div> </div> <div class="section page-centered"> <div> What We Offer: <ul> <li>Accelerated Growth Environment: An environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale.</li> <li>Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact.</li> <li>Flexible Time Off: Enjoy unlimited Flex Time Off, giving you the flexibility to manage your schedule and take time to recharge as needed.</li> <li>Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.</li> </ul>   </div> </div> </div><div class="content-pay-transparency"><div class="pay-input"><div class="description">The anticipated gross base pay range is below for this role. Actual compensation will vary depending on factors such as a candidate’s qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub’s total compensation and competitive benefits package, which includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits. </div><div class="title">Salary Range</div><div class="pay-range">$200,000—$250,000 USD</div></div></div><div class="content-conclusion"><div>About Us </div> <div>StubHub is the world’s leading marketplace to buy and sell tickets to any live event, anywhere. Through StubHub in North America and viagogo, our international platform, we service customers in 195 countries in 33 languages and 49 available currencies. With more than 300 million tickets available annually on our platform to events around the world -- from sports to music, comedy to dance, festivals to theater -- StubHub offers the safest, most convenient way to buy or sell tickets to the most memorable live experiences. Come join our team for a front-row seat to the action. </div> <div> </div> <div>For California Residents: California Job Applicant Privacy Notice found <a class="postings-link" href="https://img.vggcdn.net/webresources/PDF/Privacy_Notice_for_Job_Applicants_California.pdf">here</a></div> <div> </div> <div>We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status.</div></div>

About the Role

Related Roles