Senior Product Security Engineer

StubHub, New York, NY
Hybrid

About The Position

StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world.

StubHub's Product Security Engineering Team is seeking a Senior Engineer to enhance our security posture within the end user and services product domain. The perfect candidate will possess experience in CI/CD pipeline security, product and application architecture reviews, contextualized vulnerability management processes, and automation.

Location: Hybrid (3 days in office/2 days remote) – New York, NY or Santa Monica, CA

About the team: StubHub’s Product Security Engineering Team plays a critical role in securing the platforms that power the world’s largest ticket marketplace. This team works hands-on with cutting-edge tools and cloud-native technologies to embed security into every layer of the software development lifecycle—from architecture to automation. If you're passionate about offensive security, CI/CD hardening, and driving real impact across modern product teams, this is your opportunity to lead and innovate at global scale.

Requirements

  • Demonstrated expert-level understanding of offensive web application security testing and defense-in-depth remediation strategies.
  • Expert-level skills in vulnerability assessments and code reviews.
  • Extensive experience with automated security testing tools (e.g., Burp Suite, OWASP ZAP, Snyk).
  • Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
  • Hands-on experience in applied cryptography and key management.
  • Proven ability to implement SAST, DAST, and SBOM tooling within development workflows.
  • Experience in performing structured threat modeling (e.g., STRIDE, PASTA).
  • Intermediate proficiency in at least one scripting language (e.g., Python, Ruby).
  • Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF.

Nice To Haves

  • Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, GWAPT).
  • Intermediate-level experience with cloud security principles and technologies in AWS and Azure.
  • Understanding of Kubernetes security fundamentals, including the use of admission controllers, network policies, role-based access control (RBAC), and ingress architecture design.
  • Software development experience in Java & C#.

Responsibilities

  • Conduct security assessments, code reviews, and penetration tests on web applications, APIs, and mobile apps to identify vulnerabilities and flaws.
  • Collaborate with development teams to embed security into CI/CD pipelines, including the implementation of automated code scanning tools.
  • Develop and maintain secure coding guidelines and conduct security awareness training for developers.
  • Respond to security incidents, perform root cause analyses, and recommend effective remediations.
  • Stay current on emerging security threats, vulnerabilities, and mitigation strategies; proactively share insights across teams.
  • Help develop and enforce application security policies, standards, and procedures aligned with industry regulations and best practices.
  • Conduct architectural reviews to ensure the security of new technologies and controls.
  • Build and maintain robust product vulnerability management processes and procedures.
  • Write and maintain production-grade APIs to automate security processes and streamline infrastructure and developer workflows.
  • Triage and respond to findings from StubHub’s enterprise Bug Bounty program.

Benefits

  • Accelerated Growth Environment: An environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale.
  • Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact.
  • Flexible Time Off: Enjoy unlimited Flex Time Off, giving you the flexibility to manage your schedule and take time to recharge as needed.
  • Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.