Software Engineer II - Product Security

PRODUCTION ENGINEERED PRODUCTS, INC.
New York, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 200K

Job location

New York, United States of America

Tech stack

Kubernetes Security
Java
API
Amazon Web Services (AWS)
Applications Architecture
Automation of Tests
Azure
Burp Suite
C Sharp (Programming Language)
Cloud Computing Security
Code Review
Computer Networks
Continuous Integration
Python
Key Management
PCI Data Security Standards
Role-Based Access Control
Ruby
Secure Coding
Web Application Security
Security Software
Software Engineering
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
Sonatype
Software Security
GWAPT
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing

Job description

StubHub's Product Security Engineering Team is seeking a Software Engineer II to enhance our security posture within the end user and services product domain. The perfect candidate will possess experience in CI/CD pipeline security, product and application architecture reviews, contextualized vulnerability management processes, and automation., * Collaborate with development teams to embed security into CI/CD pipelines, including the implementation of automated code scanning tools.

  • Develop and maintain secure coding guidelines and conduct security awareness training for developers.
  • Respond to security incidents, perform root cause analyses, and recommend effective remediations.
  • Stay current on emerging security threats, vulnerabilities, and mitigation strategies; proactively share insights across teams.
  • Help develop and enforce application security policies, standards, and procedures aligned with industry regulations and best practices.
  • Conduct architectural reviews to ensure the security of new technologies and controls.
  • Build and maintain robust product vulnerability management processes and procedures.
  • Write and maintain production-grade APIs to automate security processes and streamline infrastructure and developer workflows.
  • Triage and respond to findings from StubHub's enterprise Bug Bounty program.

Requirements

  • Demonstrated expert-level understanding of offensive web application security testing and defense-in-depth remediation strategies.
  • Expert-level skills in vulnerability assessments and code reviews.
  • Extensive experience with automated security testing tools (e.g., Burp Suite, OWASP ZAP, Snyk).
  • Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
  • Hands-on experience in applied cryptography and key management.
  • Proven ability to implement SAST, DAST, and SBOM tooling within development workflows.
  • Experience in performing structured threat modeling (e.g., STRIDE, PASTA).
  • Intermediate proficiency in at least one scripting language (e.g., Python, Ruby).
  • Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF.

Preferred Skills and Qualifications:

  • Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, GWAPT).
  • Intermediate-level experience with cloud security principles and technologies in AWS and Azure.
  • Understanding of Kubernetes security fundamentals, including the use of admission controllers, network policies, role-based access control (RBAC), and ingress architecture design.
  • Software development experience in Java & C#.

Benefits & conditions

  • Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact.
  • Flexible Time Off: Enjoy unlimited Flex Time Off, giving you the flexibility to manage your schedule and take time to recharge as needed.
  • Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.

The anticipated gross base pay range is below for this role. Actual compensation will vary depending on factors such as a candidate's qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub's total compensation and competitive benefits package, which includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits.

Salary Range

$165,000-$200,000 USD

About the company

StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we're here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world., StubHub's Product Security Engineering Team plays a critical role in securing the platforms that power the world's largest ticket marketplace. This team works hands-on with cutting-edge tools and cloud-native technologies to embed security into every layer of the software development lifecycle-from architecture to automation. If you're passionate about offensive security, CI/CD hardening, and driving real impact across modern product teams, this is your opportunity to lead and innovate at global scale., StubHub is the world's leading marketplace to buy and sell tickets to any live event, anywhere. Through StubHub in North America and viagogo, our international platform, we service customers in 195 countries in 33 languages and 49 available currencies. With more than 300 million tickets available annually on our platform to events around the world -- from sports to music, comedy to dance, festivals to theater -- StubHub offers the safest, most convenient way to buy or sell tickets to the most memorable live experiences. Come join our team for a front-row seat to the action.

Apply for this position