Software Engineer II - Product Security
Role details
Job location
Tech stack
Job description
StubHub's Product Security Engineering Team is seeking a Software Engineer II to enhance our security posture within the end user and services product domain. The perfect candidate will possess experience in CI/CD pipeline security, product and application architecture reviews, contextualized vulnerability management processes, and automation., * Collaborate with development teams to embed security into CI/CD pipelines, including the implementation of automated code scanning tools.
- Develop and maintain secure coding guidelines and conduct security awareness training for developers.
- Respond to security incidents, perform root cause analyses, and recommend effective remediations.
- Stay current on emerging security threats, vulnerabilities, and mitigation strategies; proactively share insights across teams.
- Help develop and enforce application security policies, standards, and procedures aligned with industry regulations and best practices.
- Conduct architectural reviews to ensure the security of new technologies and controls.
- Build and maintain robust product vulnerability management processes and procedures.
- Write and maintain production-grade APIs to automate security processes and streamline infrastructure and developer workflows.
- Triage and respond to findings from StubHub's enterprise Bug Bounty program.
Requirements
- Demonstrated expert-level understanding of offensive web application security testing and defense-in-depth remediation strategies.
- Expert-level skills in vulnerability assessments and code reviews.
- Extensive experience with automated security testing tools (e.g., Burp Suite, OWASP ZAP, Snyk).
- Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
- Hands-on experience in applied cryptography and key management.
- Proven ability to implement SAST, DAST, and SBOM tooling within development workflows.
- Experience in performing structured threat modeling (e.g., STRIDE, PASTA).
- Intermediate proficiency in at least one scripting language (e.g., Python, Ruby).
- Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF.
Preferred Skills and Qualifications:
- Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, GWAPT).
- Intermediate-level experience with cloud security principles and technologies in AWS and Azure.
- Understanding of Kubernetes security fundamentals, including the use of admission controllers, network policies, role-based access control (RBAC), and ingress architecture design.
- Software development experience in Java & C#.
Benefits & conditions
- Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact.
- Flexible Time Off: Enjoy unlimited Flex Time Off, giving you the flexibility to manage your schedule and take time to recharge as needed.
- Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.
The anticipated gross base pay range is below for this role. Actual compensation will vary depending on factors such as a candidate's qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub's total compensation and competitive benefits package, which includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits.
Salary Range
$165,000-$200,000 USD