StubHub
Software Engineer II - Product Security
Los Angeles, California, United StatesFrom $200kmidAdded today
About this role
StubHub seeks a Software Engineer II for Product Security to strengthen security across their ticketing platform. You'll conduct security assessments, embed safeguards into CI/CD pipelines, and collaborate with engineering teams to identify and remediate vulnerabilities across web, API, and mobile applications.
What you'll do
- Perform security assessments, code reviews, and penetration testing on web applications, APIs, and mobile apps
- Integrate security controls into CI/CD pipelines with automated code scanning and vulnerability detection
- Develop secure coding guidelines and deliver security training to development teams
- Investigate security incidents, conduct root cause analysis, and recommend remediation strategies
- Review product and application architectures for security weaknesses
- Maintain contextualized vulnerability management processes and automation
What they're looking for
- CI/CD pipeline security and hardening
- Application and code security review
- Penetration testing and vulnerability assessment
- Secure coding practices and architecture design
- Cloud-native security technologies
- Incident response and threat analysis
- Security automation and tooling
- API and mobile application security
Opens the official application on the employer’s site. No login required.
StubHub
StubHub builds a ticket marketplace platform with core infrastructure, compute systems, and consumer-facing web applications that serve millions of users. The company is hiring software engineers across multiple levels to develop distributed systems, platform infrastructure, seller tools, web foundations, and post-purchase customer experience features.
- Website
- stubhub.com
Likely interview questions
- Describe your experience securing CI/CD pipelines—what tools and practices have you implemented?
- Walk us through a penetration test or code review you conducted; what vulnerabilities did you find and how did you communicate remediation?