Security Engineer

New York City


Buy and sell sports tickets, concert tickets, theater tickets and Broadway tickets on StubHub!

View company page

Help protect StubHub and our users.

The StubHub security team is dedicated to continually improving the security of our company and its users. Our users trust us to store and process their most sensitive information. The security team brings security to the forefront in everything StubHub does. Security concerns are ever-evolving, making our team work in a deeply dynamic environment.

What you'll do:

  • Be a security authority and respond to any internal security engineering questions/requests
  • Work with other teams to entrench a culture of security throughout the product lifecycle and help architect solutions that are inherently secure
  • Correctly balance security risk and product advancement
  • Work towards providing a minimum number of false positives and provide automated responses to alerts produced by our monitoring tools
  • Lead the implementation of bug fixes on discovered bugs or vulnerabilities, whether they are discovered by your own vulnerability mgmt. tools or as part of our bounty program
  • Be involved in reactive incident response when a security event occurs
  • Perform research to detect new attack vectors
  • Architect and create frameworks that prevent current and future attack scenarios
  • Create and execute training exercises to advance users’ security knowledge
  • Research, architect, and execute solutions that will advance internal security monitoring & controls

What you need:

  • 2-4yrs of security experience
  • Experience with vulnerability management software (e.g., Rapid7) to test and identify systems and network vulnerabilities
  • Experience managing and/or being part of a bounty program
  • Penetration testing experience
  • Prior experience as an incident response engineer in a 24x7 worldwide organization
  • Prior experience leading a user awareness program (phishing exercises, user training…)
  • Prior experience with the Microsoft 365 Defender suite and Microsoft Azure’s security related features (PIM, Conditional Access Policies, Cloud App security…)
  • Knowledge of email systems and concepts such as DKIM, DMARC, SPF…
  • Familiarity with core security frameworks (e.g., PCI DSS, NIST 27001, NIST CSF, CIS…)
  • Experience ensuring that the organization’s data and infrastructure are protected by enabling the appropriate security controls
  • Familiarity with change management processes
  • Superb problem-solving skills
  • Ability to clearly report on the security posture of the organization
About StubHub:
For over 20 years, StubHub has been the leading marketplace for fans to buy and sell tickets. Today, we continue to offer you peace of mind with our exclusive FanProtect Guarantee, best-in-class customer service, and product features that ensure we have your back. Combined with viagogo, we now span 90+ countries around the world.

The anticipated gross salary range for this role is $175,000-$192,500 per year. Actual compensation will vary depending on factors such as a candidate’s qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub’s total compensation and competitive benefits package, which includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits. 

About us:

StubHub is on a mission to give the world the freedom to connect to powerful live experiences no matter where they are, whenever they want. Whether it's Harry Styles, the Yankees, Billie Eilish or Real Madrid, we're here to give fans the access to the live entertainment they love. That means we must power the destination for every type of live event fan to unlock the transformative live experience that’s right for them. We are their ticket to unforgettable memories – the crack of the bat, the first guitar chord or drum tap, the roar of the crowd at the championship winning goal, the joke that makes their belly ache from laughter. To do this, we must have the most premiere industry partnerships that deliver more seamless integrated solutions and aggregate the widest event catalogue, know our customers to design more personalized discovery of that very catalogue and get that fan into the event of their dreams so they keep coming back. Daily innovation is at the crux of how we do this and a passionate team that rigorously prioritizes the most results-oriented work they can deliver is what gets it done and keeps us leading the industry.

We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status.
Apply now Apply later
  • Share this job via
  • or

Tags: Azure Cloud Incident response Monitoring NIST PCI DSS Pentesting Vulnerabilities Vulnerability management

Perks/benefits: Competitive pay Equity Health care Parental leave

Region: North America
Country: United States
Job stats:  6  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.