StubHub's Product Security Engineering Team is seeking a Senior Engineer to enhance security within the end user and services product domain. The ideal candidate will have experience in CI/CD pipeline security, product and application architecture reviews, and automation. This team plays a critical role in securing the platforms that power the world's largest ticket marketplace. If you are passionate about offensive security and driving impact across product teams, this is an opportunity to lead and innovate at a global scale.

• Demonstrated expert-level understanding of offensive web application security testing.
• Expert-level skills in vulnerability assessments and code reviews.
• Extensive experience with automated security testing tools such as Burp Suite and OWASP ZAP.
• Strong communication skills to convey complex security concepts to technical and non-technical audiences.
• Hands-on experience in applied cryptography and key management.
• Proven ability to implement SAST, DAST, and SBOM tooling within development workflows.
• Experience in performing structured threat modeling.
• Intermediate proficiency in at least one scripting language such as Python or Ruby.
• Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF.

• Conduct security assessments, code reviews, and penetration tests on web applications, APIs, and mobile apps.
• Collaborate with development teams to embed security into CI/CD pipelines.
• Develop and maintain secure coding guidelines and conduct security awareness training for developers.
• Respond to security incidents, perform root cause analyses, and recommend effective remediations.
• Stay current on emerging security threats, vulnerabilities, and mitigation strategies.
• Help develop and enforce application security policies, standards, and procedures.
• Conduct architectural reviews to ensure the security of new technologies and controls.
• Build and maintain robust product vulnerability management processes and procedures.
• Write and maintain production-grade APIs to automate security processes.
• Triage and respond to findings from StubHub’s enterprise Bug Bounty program.

• Employees at StubHub may receive benefits such as health coverage, retirement savings options, and other perks typical of large technology and e-commerce companies, supporting both their professional growth and overall well-being.