StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world.

Help protect StubHub and our users.

The StubHub security team is dedicated to continually improving the security of our company and its users. Our users trust us to store and process their most sensitive information. The security team brings security to the forefront in everything StubHub does. Security concerns are ever-evolving, making our team work in a deeply dynamic environment.

Every single day is different, you may be investigating a reported phishing email, analyzing a recent incident, implementing better monitoring and defenses, or working with the infrastructure team to ensure vulnerabilities are being patched/remediated. As a Security team member, you have a say in what the priorities are, based on the risk.

What You'll Do:

• You will focus on protecting the company from internal and external threats, remediate security alerts, perform research, complete analysis, and propose and implement architectural changes to improve the security posture of StubHub.
• You will measure risk in a way that informs and prioritizes action and use metrics to train our users in ways that prevent the creation of new vulnerabilities.
• You will serve as a trusted resource and respond to internal security engineering questions/requests
• You will work with other teams to entrench a culture of Security throughout the product lifecycle and help architect solutions that are inherently secure
• You will correctly balance security risk and product advancement
• You will work towards providing a minimum number of false positives and provide automated responses to alerts produced by our monitoring tools
• You will aid with the implementation of bug fixes on discovered bugs or vulnerabilities, whether they are discovered by your own vulnerability mgmt. tools or as part of our bounty program
• You will analyze security alerts and reported phishing emails to quickly assess, prioritize, and remediate or contain threats
• You will support the delivery of the IT third-party risk management program
• You will be involved in reactive incident response when a security event occurs
• You will perform research to detect new attack vectors
• You will create and execute training exercises to advance users’ security knowledge
• You will research, architect, and execute solutions that will advance internal security monitoring & controls

• 2-3 years or prior experience across one or more IT Security domains (e.g.: asset/network security, identity, assessment, or operations)
• Experience with vulnerability management software (e.g., Rapid7) to test and identify systems and network vulnerabilities
• Prior experience as an incident response engineer in a 24x7 worldwide organization
• Prior experience leading a user awareness program (phishing exercises, user training)
• Prior experience with the Microsoft 365 Defender suite and Microsoft Azure’s security related features (PIM, Conditional Access Policies, Cloud App security)
• Knowledge of Exchange Online security features and general email system concepts such as DKIM, DMARC, SPF…
• Familiarity with core security frameworks (e.g., PCI DSS, NIST 27001, NIST CSF, CIS)
• Experience ensuring that the organization’s data and infrastructure are protected by enabling the appropriate security controls
• Familiarity with change management processes
• Familiarity with scripting in PowerShell/Python
• Superb problem-solving skills
• Penetration testing experience is not required, but demonstrating intellectual curiosity is a plus. 

• Accelerated Growth Environment: Immerse yourself in an environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale.
• Top Tier Compensation Package: Enjoy a rewarding compensation package that includes enticing stock incentives, aligning with our commitment to recognizing and valuing your contributions.
• Flexible Time Off: Embrace a healthy work-life balance with unlimited Flex Time Off, providing you the flexibility to manage your schedule and recharge as needed.
• Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.
• Team-Building Events: Engage in vibrant team events that foster camaraderie and collaboration, creating an atmosphere where your professional and personal growth are celebrated.

The anticipated gross salary range for this role is $125,000-$180,000 per year. Actual compensation will vary depending on factors such as a candidate’s qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub’s total compensation and competitive benefits package, which includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits.

California Job Applicant Privacy Notice found here

About Us

StubHub is the world’s leading marketplace to buy and sell tickets to any live event, anywhere. Through StubHub in North America and viagogo, our international platform, we service customers in 195 countries in 33 languages and 49 available currencies. With more than 300 million tickets available annually on our platform to events around the world -- from sports to music, comedy to dance, festivals to theater -- StubHub offers the safest, most convenient way to buy or sell tickets to the most memorable live experiences. Come join our team for a front-row seat to the action. 

We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status.