Senior Product Security Engineer jobs in United States

StubHub · 6 hours ago

Senior Product Security Engineer

StubHub is on a mission to redefine the live event experience on a global scale. They are seeking a Senior Product Security Engineer to enhance their security posture within the end user and services product domain by conducting security assessments, collaborating with development teams, and responding to security incidents.

E-Commerce · Marketplace · Ticketing
H1B Sponsor Likely

Responsibilities

Conduct security assessments, code reviews, and penetration tests on web applications, APIs, and mobile apps to identify vulnerabilities and flaws
Collaborate with development teams to embed security into CI/CD pipelines, including the implementation of automated code scanning tools
Develop and maintain secure coding guidelines and conduct security awareness training for developers
Respond to security incidents, perform root cause analyses, and recommend effective remediations
Stay current on emerging security threats, vulnerabilities, and mitigation strategies; proactively share insights across teams
Help develop and enforce application security policies, standards, and procedures aligned with industry regulations and best practices
Conduct architectural reviews to ensure the security of new technologies and controls
Build and maintain robust product vulnerability management processes and procedures
Write and maintain production-grade APIs to automate security processes and streamline infrastructure and developer workflows
Triage and respond to findings from StubHub’s enterprise Bug Bounty program

Qualification

CI/CD pipeline security, Vulnerability assessments, Automated security testing tools, Applied cryptography, Scripting language, Security certifications, Cloud security principles, Kubernetes security, Java, C#, Communication skills

Required

Experience in CI/CD pipeline security
Product and application architecture reviews
Contextualized vulnerability management processes
Automation
Demonstrated expert-level understanding of offensive web application security testing and defense-in-depth remediation strategies
Expert-level skills in vulnerability assessments and code reviews
Extensive experience with automated security testing tools (e.g., Burp Suite, OWASP ZAP, Snyk)
Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences
Hands-on experience in applied cryptography and key management
Proven ability to implement SAST, DAST, and SBOM tooling within development workflows
Experience in performing structured threat modeling (e.g., STRIDE, PASTA)
Intermediate proficiency in at least one scripting language (e.g., Python, Ruby)
Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF

Preferred

Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, GWAPT)
Intermediate-level experience with cloud security principles and technologies in AWS and Azure
Understanding of Kubernetes security fundamentals, including the use of admission controllers, network policies, role-based access control (RBAC), and ingress architecture design
Software development experience in Java & C#

Benefits

401k
Premium Health, Vision, and Dental Insurance options

Company

StubHub is a ticket marketplace where users buy and sell tickets for sports, concerts, theater, and live events. It is a sub-organization of eBay.

H1B Sponsorship

StubHub has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2025 (35), 2024 (20), 2023 (20), 2022 (4), 2021 (4), 2020 (33)

Funding

Current Stage: Public Company
Total Funding: $59.23M
Key Investors: Viagogo, Stephens Group, BEA Systems
2025-09-17: IPO
2021-12-23: Series Unknown · $39.63M
2021-09-08: Acquired

Leadership Team

Connie James
Chief Financial Officer
Company data provided by crunchbase