Senior Product Security Engineer

What You’ll Do:

• Conduct security assessments, code reviews, and penetration tests on web applications, APIs, and mobile apps to identify vulnerabilities and flaws. 
• Collaborate with development teams to embed security into CI/CD pipelines, including the implementation of automated code scanning tools. 
• Develop and maintain secure coding guidelines and conduct security awareness training for developers. 
• Respond to security incidents, perform root cause analyses, and recommend effective remediations. 
• Stay current on emerging security threats, vulnerabilities, and mitigation strategies; proactively share insights across teams. 
• Help develop and enforce application security policies, standards, and procedures aligned with industry regulations and best practices. 
• Conduct architectural reviews to ensure the security of new technologies and controls. 
• Build and maintain robust product vulnerability management processes and procedures. 
• Write and maintain production-grade APIs to automate security processes and streamline infrastructure and developer workflows. 
• Triage and respond to findings from StubHub’s enterprise Bug Bounty program. 

What You’ve Done:

• Demonstrated expert-level understanding of offensive web application security testing and defense-in-depth remediation strategies. 
• Expert-level skills in vulnerability assessments and code reviews. 
• Extensive experience with automated security testing tools (e.g., Burp Suite, OWASP ZAP, Snyk). 
• Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences. 
• Hands-on experience in applied cryptography and key management. 
• Proven ability to implement SAST, DAST, and SBOM tooling within development workflows. 
• Experience in performing structured threat modeling (e.g., STRIDE, PASTA). 
• Intermediate proficiency in at least one scripting language (e.g., Python, Ruby). 
• Familiarity with security frameworks such as PCI DSS, CIS, ISO 27001, and NIST CSF.

Preffered Skills and Qualifications: 

• Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, GWAPT). 
• Intermediate-level experience with cloud security principles and technologies in AWS and Azure. 
• Understanding of Kubernetes security fundamentals, including the use of admission controllers, network policies, role-based access control (RBAC), and ingress architecture design. 
• Software development experience in Java & C#. 

What We Offer:

• Accelerated Growth Environment: Immerse yourself in an environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale.
• Top Tier Compensation Package: Enjoy a rewarding compensation package that includes enticing stock incentives, aligning with our commitment to recognizing and valuing your contributions.
• Flexible Time Off: Embrace a healthy work-life balance with unlimited Flex Time Off, providing you the flexibility to manage your schedule and recharge as needed.
• Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.
• Team-Building Events: Engage in vibrant team events that foster camaraderie and collaboration, creating an atmosphere where your professional and personal growth are celebrated.