Skip to main content

StubHub

Software Engineer II - Product Security

Los Angeles, California, United StatesFrom $200kmidAdded today

About this role

StubHub seeks a Software Engineer II for Product Security to strengthen security across their ticketing platform. You'll conduct security assessments, embed safeguards into CI/CD pipelines, and collaborate with engineering teams to identify and remediate vulnerabilities across web, API, and mobile applications.

What you'll do

  • Perform security assessments, code reviews, and penetration testing on web applications, APIs, and mobile apps
  • Integrate security controls into CI/CD pipelines with automated code scanning and vulnerability detection
  • Develop secure coding guidelines and deliver security training to development teams
  • Investigate security incidents, conduct root cause analysis, and recommend remediation strategies
  • Review product and application architectures for security weaknesses
  • Maintain contextualized vulnerability management processes and automation

What they're looking for

  • CI/CD pipeline security and hardening
  • Application and code security review
  • Penetration testing and vulnerability assessment
  • Secure coding practices and architecture design
  • Cloud-native security technologies
  • Incident response and threat analysis
  • Security automation and tooling
  • API and mobile application security
Apply on the employer's site

Opens the official application on the employer’s site. No login required.

StubHub

StubHub builds a ticket marketplace platform with core infrastructure, compute systems, and consumer-facing web applications that serve millions of users. The company is hiring software engineers across multiple levels to develop distributed systems, platform infrastructure, seller tools, web foundations, and post-purchase customer experience features.

View all jobs at StubHub

Likely interview questions

  • Describe your experience securing CI/CD pipelines—what tools and practices have you implemented?
  • Walk us through a penetration test or code review you conducted; what vulnerabilities did you find and how did you communicate remediation?