Senior Product Security Engineer
About The Position
StubHub's Product Security Engineering Team is seeking a Senior Engineer to enhance our security posture within the end user and services product domain. The perfect candidate will possess experience in CI/CD pipeline security, product and application architecture reviews, contextualized vulnerability management processes, and automation. This role is hybrid, with 3 days in office and 2 days remote, located in New York, NY or Century City, CA. StubHub’s Product Security Engineering Team plays a critical role in securing the platforms that power the world’s largest ticket marketplace. This team works hands-on with cutting-edge tools and cloud-native technologies to embed security into every layer of the software development lifecycle—from architecture to automation. If you're passionate about offensive security, CI/CD hardening, and driving real impact across modern product teams, this is your opportunity to lead and innovate at global scale.
Requirements
- Demonstrated expert-level understanding of offensive web application security testing and defense-in-depth remediation strategies.
- Expert-level skills in vulnerability assessments and code reviews.
- Extensive experience with automated security testing tools (e.g., Burp Suite, OWASP ZAP, Snyk).
- Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
- Hands-on experience in applied cryptography and key management.
- Proven ability to implement SAST, DAST, and SBOM tooling within development workflows.
- Experience in performing structured threat modeling (e.g., STRIDE, PASTA).
- Intermediate proficiency in at least one scripting language (e.g., Python, Ruby).
- Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF.
Nice To Haves
- Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, GWAPT).
- Intermediate-level experience with cloud security principles and technologies in AWS and Azure.
- Understanding of Kubernetes security fundamentals, including the use of admission controllers, network policies, role-based access control (RBAC), and ingress architecture design.
- Software development experience in Java & C#.
Responsibilities
- Conduct security assessments, code reviews, and penetration tests on web applications, APIs, and mobile apps to identify vulnerabilities and flaws.
- Collaborate with development teams to embed security into CI/CD pipelines, including the implementation of automated code scanning tools.
- Develop and maintain secure coding guidelines and conduct security awareness training for developers.
- Respond to security incidents, perform root cause analyses, and recommend effective remediations.
- Stay current on emerging security threats, vulnerabilities, and mitigation strategies; proactively share insights across teams.
- Help develop and enforce application security policies, standards, and procedures aligned with industry regulations and best practices.
- Conduct architectural reviews to ensure the security of new technologies and controls.
- Build and maintain robust product vulnerability management processes and procedures.
- Write and maintain production-grade APIs to automate security processes and streamline infrastructure and developer workflows.
- Triage and respond to findings from StubHub’s enterprise Bug Bounty program.
Benefits
- Accelerated Growth Environment
- Top Tier Compensation Package
- Flexible Time Off
- Comprehensive Benefits Package
- 401k
- Health Insurance
- Vision Insurance
- Dental Insurance
- Paid parental leave
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
