Product Security Engineer II
Company: StubHub
Location: Los Angeles
Posted on: September 19, 2024
Job Description:
StubHub is on a mission to redefine the live event experience on
a global scale. Whether someone is looking to attend their first
event or their hundredth, we're here to delight them all the way
from the moment they start looking for a ticket until they step
through the gate. The same goes for our sellers. From fans selling
a single ticket to the promoters of a worldwide stadium tour, we
want StubHub to be the safest, most convenient way to offer a
ticket to the millions of fans who browse our platform around the
world.

StubHub Product Security Engineering is seeking an engineer
to enhance our security posture within the end user and services
product domain. The perfect candidate will possess experience in
CI/CD pipeline security, product and application architecture
reviews, contextualized vulnerability management processes, and
automation.

This is a hybrid work opportunity located in Los
Angeles, CA.

About the team:
Our Security Platform team serves as the
linchpin of our engineering organization, offering common code
packages that encapsulate best practices around observability and
performance. The team provides managed services such as Messaging
as a Service and Distributed Caching to the rest of the engineering
organization. We focus on the developer experience by equipping our
engineers with a rich toolset for building, deploying, and
debugging applications and services. We collaborate
cross-functionally across all platforms within the organization to ensure
all teams are aligned on infrastructure best practices.

What You'll Do:
- Conduct security assessments, code reviews, and penetration
tests on web applications, APIs, and mobile applications to
identify vulnerabilities and security flaws.
- Collaborate with development teams to integrate security
practices into the CI/CD pipelines, including implementing
automated code scanning tools.
- Develop and maintain secure coding guidelines and provide
training to developers on security best practices and
awareness.
- Manage and respond to security incidents, including performing
root cause analysis and recommending remediations.
- Stay abreast of the latest security threats, vulnerabilities,
and mitigation techniques; share insights with internal teams to
foster a culture of security.
- Assist in the development and implementation of application
security policies, standards, and procedures in alignment with
industry best practices and regulatory requirements.
- Conduct architectural reviews of new technologies and security
controls to ensure they meet security best practices.
- Develop and/or maintain product vulnerability management
processes and procedures.
- Write and maintain production-quality APIs to automate security
processes, benefiting infrastructure and developer workflows.
- Operate and respond to enterprise Bug-Bounty program
findings.

What You've Done:
- Intermediate level understanding of principles, theories, and
concepts related to offensive web application security testing and
defense-in-depth remediation approaches.
- Intermediate level knowledge in conducting vulnerability
assessments and code reviews.
- Intermediate level proficiency with automated security testing
tools (e.g., Burp Suite, OWASP ZAP, Snyk).
- Intermediate level communication skills, with the ability to
articulate complex security issues to technical and non-technical
stakeholders.
- Intermediate level experience in applied cryptography & key
management.
- Intermediate level experience in implementing SAST, DAST and
SBOM generation tooling into developer workflows.
- Intermediate level experience in performing threat modeling
(e.g., STRIDE, PASTA).
- Intermediate level proficiency in at least one scripting
language (e.g., Python, Ruby).
- Intermediate level familiarity with security frameworks (e.g.,
PCI DSS, CIS, ISO 27001, NIST CSF).

Preferred Skills and Qualifications:
- Security certifications (e.g., OSCP, CEH, CISSP, GWAPT).
- Intermediate level experience with cloud security principles
and technologies in AWS & Azure.
- Intermediate level knowledge of Kubernetes (K8s) Security
foundations, including admission controllers, K8s Network Policies,
K8s RBAC, and K8s Ingress architectures.
- Intermediate level proficiency in DDoS mitigation techniques
using AWS Shield, CDN traffic scrubbing, and origin protection
mechanisms.
- Intermediate level software development experience in C#.

What We Offer:
- Accelerated Growth Environment: Immerse yourself in an
environment designed for swift skill and knowledge enhancement,
where you have the autonomy to lead experiments and tests on a
massive scale.
- Top Tier Compensation Package: Enjoy a rewarding compensation
package that includes enticing stock incentives, aligning with our
commitment to recognizing and valuing your contributions.
- Flexible Time Off: Embrace a healthy work-life balance with
unlimited Flex Time Off, providing you the flexibility to manage
your schedule and recharge as needed.
- Comprehensive Benefits Package: Prioritize your well-being with
a comprehensive benefits package, featuring 401k, and premium
Health, Vision, and Dental Insurance options.
- Team-Building Events: Engage in vibrant team events that foster
camaraderie and collaboration, creating an atmosphere where your
professional and personal growth are celebrated.

The anticipated
gross annual base salary range for this role is $175,000 - $230,000
per year. Actual compensation will vary depending on factors such
as a candidate's qualifications, skills, experience, and
competencies. Base annual salary is one component of StubHub's
total compensation and competitive benefits package, which also
includes equity, 401(k), paid time off, paid parental leave, and
comprehensive health benefits.

California Job Applicant Privacy Notice found

About Us:
StubHub is the world's leading marketplace to
buy and sell tickets to any live event, anywhere. Through StubHub
in North America and viagogo, our international platform, we
service customers in 195 countries in 33 languages and 49 available
currencies. With more than 300 million tickets available annually
on our platform to events around the world -- from sports to music,
comedy to dance, festivals to theater -- StubHub offers the safest,
most convenient way to buy or sell tickets to the most memorable
live experiences. Come join our team for a front-row seat to the
action.

We are an equal opportunity employer and value diversity on
our team. We do not discriminate on the basis of race, color,
religion, sex, national origin, gender, sexual orientation, age,
disability, veteran status, or any other legally protected
status.