StubHub
Senior Security Software Engineer - Cloud & Infra Security
StubHub, Los Angeles, California, United States, 90079
Overview
StubHub is on a mission to redefine the live event experience on a global scale. We aim to delight fans and sellers from the moment they start looking for a ticket until they step through the gate, and to offer a safe, convenient way to connect buyers and sellers around the world. StubHub Cloud & Infrastructure Security Engineering is seeking a senior engineer to enhance our security posture within the cloud and infrastructure domains. The ideal candidate will have extensive experience in cloud security architecture, network security, and infrastructure automation, with familiarity in container and operating system security. Location: Hybrid (3 days in office/2 days remote) – New York, NY or Santa Monica, CA or Aliso Viejo, CA What You'll Do
Develop secure Cloud Account Architectures, focusing primarily on AWS, understanding and navigating trade-offs of various cloud architectures. Design and implement network security strategies leveraging security groups, NACLS, routing domains, and multi-tiered subnet architectures for defense-in-depth. Manage critical security logging and monitoring infrastructure for cloud-native and third-party data sources, ensuring efficient shipping to Data Lakes and integration with visualization platforms. Operate and manage Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) such as Wiz, Orca, Palo Alto Networks Prisma, and Rapid7. Deploy configurations and infrastructure using Infrastructure as Code (IaC) frameworks (Terraform, CloudFormation, Pulumi). Develop and implement governance strategies for infrastructure deployment that integrate security best practices and enhance developer productivity. Architect and implement workload identity services, such as SPIRE (Spiffe), in a heterogeneous multi-cloud environment. Architect and maintain PKI and secrets management platforms to ensure secure storage and access to sensitive information. Write and maintain production-quality APIs to automate security processes, benefiting infrastructure and developer workflows. What You've Done
Expert level experience in AWS cloud account architecture. Expert level knowledge in Network Security, including AWS networking primitives (Security Groups, NACLS, Subnetting, Routing, egress filtering). Expert level proficiency in Identity & Access Management (IAM) Security, including architecting AWS IAM roles & policy architectures for human and machine access. Expert level communication skills and ability to work across teams. Expert level experience deploying and maintaining configurations and infrastructure using Terraform. Expert level experience with modern CSPM and CWPP tools (e.g., Wiz, Orca, Prisma, Rapid7). Intermediate level experience with Secrets / key Management Platforms (e.g., AWS KMS, AWS Secrets Manager, HashiCorp Vault). Expert level experience in IaC governance strategies that balance security and developer productivity. Intermediate level experience in Spire (Spiffe) and Service Mesh. Intermediate level proficiency in Python or Go, and Bash scripting. Intermediate level experience in container & operating system hardening. Intermediate level experience in building & maintaining Web Application Firewalls. Intermediate level familiarity with security frameworks (PCI DSS, CIS, ISO 27001, NIST CSF). Preferred Skills And Qualifications
Intermediate level experience in architecting & implementing internal PKI & Secrets Management services. Intermediate level knowledge of Kubernetes (K8s) Security foundations, including admission controllers, K8s Network Policies, K8s RBAC, and K8s Ingress architectures. Intermediate level proficiency in DDoS mitigation techniques using AWS Shield, CDN traffic scrubbing, and origin protection mechanisms. Intermediate level proficiency in Azure. What We Offer
Accelerated Growth Environment: An environment designed for swift skill and knowledge enhancement, with autonomy to lead experiments at scale. Top Tier Compensation Package: Competitive base, equity, and upside aligned with impact. Flexible Time Off: Unlimited Flex Time Off to support work-life balance. Comprehensive Benefits Package: 401k and premium Health, Vision, and Dental Insurance options. Salary Range : $200,000—$275,000 USD. Actual compensation will vary based on qualifications, skills, experience, and competencies. About Us
StubHub is the world’s leading marketplace to buy and sell tickets to live events, serving customers in 195 countries in 33 languages and 49 currencies. We offer a wide selection of events and strive to provide the safest, most convenient way to participate in live experiences. California Residents : California Job Applicant Privacy Notice found here EEO Statement : We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status. Seniority level
Mid-Senior level Employment type
Full-time Job function
Engineering and Information Technology Industries Software Development
#J-18808-Ljbffr
StubHub is on a mission to redefine the live event experience on a global scale. We aim to delight fans and sellers from the moment they start looking for a ticket until they step through the gate, and to offer a safe, convenient way to connect buyers and sellers around the world. StubHub Cloud & Infrastructure Security Engineering is seeking a senior engineer to enhance our security posture within the cloud and infrastructure domains. The ideal candidate will have extensive experience in cloud security architecture, network security, and infrastructure automation, with familiarity in container and operating system security. Location: Hybrid (3 days in office/2 days remote) – New York, NY or Santa Monica, CA or Aliso Viejo, CA What You'll Do
Develop secure Cloud Account Architectures, focusing primarily on AWS, understanding and navigating trade-offs of various cloud architectures. Design and implement network security strategies leveraging security groups, NACLS, routing domains, and multi-tiered subnet architectures for defense-in-depth. Manage critical security logging and monitoring infrastructure for cloud-native and third-party data sources, ensuring efficient shipping to Data Lakes and integration with visualization platforms. Operate and manage Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) such as Wiz, Orca, Palo Alto Networks Prisma, and Rapid7. Deploy configurations and infrastructure using Infrastructure as Code (IaC) frameworks (Terraform, CloudFormation, Pulumi). Develop and implement governance strategies for infrastructure deployment that integrate security best practices and enhance developer productivity. Architect and implement workload identity services, such as SPIRE (Spiffe), in a heterogeneous multi-cloud environment. Architect and maintain PKI and secrets management platforms to ensure secure storage and access to sensitive information. Write and maintain production-quality APIs to automate security processes, benefiting infrastructure and developer workflows. What You've Done
Expert level experience in AWS cloud account architecture. Expert level knowledge in Network Security, including AWS networking primitives (Security Groups, NACLS, Subnetting, Routing, egress filtering). Expert level proficiency in Identity & Access Management (IAM) Security, including architecting AWS IAM roles & policy architectures for human and machine access. Expert level communication skills and ability to work across teams. Expert level experience deploying and maintaining configurations and infrastructure using Terraform. Expert level experience with modern CSPM and CWPP tools (e.g., Wiz, Orca, Prisma, Rapid7). Intermediate level experience with Secrets / key Management Platforms (e.g., AWS KMS, AWS Secrets Manager, HashiCorp Vault). Expert level experience in IaC governance strategies that balance security and developer productivity. Intermediate level experience in Spire (Spiffe) and Service Mesh. Intermediate level proficiency in Python or Go, and Bash scripting. Intermediate level experience in container & operating system hardening. Intermediate level experience in building & maintaining Web Application Firewalls. Intermediate level familiarity with security frameworks (PCI DSS, CIS, ISO 27001, NIST CSF). Preferred Skills And Qualifications
Intermediate level experience in architecting & implementing internal PKI & Secrets Management services. Intermediate level knowledge of Kubernetes (K8s) Security foundations, including admission controllers, K8s Network Policies, K8s RBAC, and K8s Ingress architectures. Intermediate level proficiency in DDoS mitigation techniques using AWS Shield, CDN traffic scrubbing, and origin protection mechanisms. Intermediate level proficiency in Azure. What We Offer
Accelerated Growth Environment: An environment designed for swift skill and knowledge enhancement, with autonomy to lead experiments at scale. Top Tier Compensation Package: Competitive base, equity, and upside aligned with impact. Flexible Time Off: Unlimited Flex Time Off to support work-life balance. Comprehensive Benefits Package: 401k and premium Health, Vision, and Dental Insurance options. Salary Range : $200,000—$275,000 USD. Actual compensation will vary based on qualifications, skills, experience, and competencies. About Us
StubHub is the world’s leading marketplace to buy and sell tickets to live events, serving customers in 195 countries in 33 languages and 49 currencies. We offer a wide selection of events and strive to provide the safest, most convenient way to participate in live experiences. California Residents : California Job Applicant Privacy Notice found here EEO Statement : We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status. Seniority level
Mid-Senior level Employment type
Full-time Job function
Engineering and Information Technology Industries Software Development
#J-18808-Ljbffr