Senior Cloud and Infrastructure Security Engineer

Los Angeles, CA
StubHub – Software Engineering /
Full-Time /
StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world.

StubHub is looking for Senior Cloud Infrastructure Security Engineer to design and develop the next-generation technologies and complex features that change how millions of users explore, interact with and participate in live events worldwide. As a Senior Cloud Infrastructure Security Engineer, you will be an integral part of developing the team's commercial and product strategy and will be expected to be equally focused on user needs and to exercise good commercial (not just technical) judgement. Our Senior Cloud Infrastructure Security Engineers are essential for our company’s success, so they must show initiative and enthusiasm for the problems they solve.  

StubHub is committed to being a phenomenal and inclusive place to work. We expect that you will also be an advocate and mentor for your team members, displaying leadership qualities and being an example for those around you.  

This is a hybrid work opportunity, located out of Los Angeles, CA.

About the team:
StubHub Cloud & Infrastructure Security Engineering is seeking a senior engineer to enhance our security posture within the cloud and infrastructure domains. The perfect candidate will possess extensive experience in cloud security architecture, network security, and infrastructure automation, as well as a familiarity with container and operating system security. 

What You'll Do:

    • Develop secure Cloud Account Architectures, focusing primarily on AWS, while understanding and navigating the trade-offs of various cloud architectures. 
    • Design and implement network security strategies that leverage security groups, NACLS, routing domains, and multi-tiered subnet architectures to ensure a defense-in-depth approach. 
    • Manage critical security logging and monitoring infrastructure for cloud-native and third-party data sources, ensuring their efficient shipping to Data Lakes and integration with visualization platforms. 
    • Operate and manage Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP), such as Wiz, Orca, Palo Alto NetworksPrisma, and Rapid7 ICS. 
    • Deploy configurations and infrastructure using Infrastructure as Code (IaC) frameworks, such as Terraform, Cloud Formation, and Pulumi. 
    • Develop and implement governance strategies for infrastructure deployment that integrate security best practices and enhance developer productivity. 
    • Architect and implement workload identity services, such as SPIRE (Spiffe), in a heterogeneous multi-cloud environment. 
    • Architect and maintain PKI and secrets management platforms to ensure secure storage and access to sensitive information. 
    • Write and maintain production-quality APIs to automate security processes, benefiting infrastructure and developer workflows. 

Required Skills and Qualifications:

    • Expert level experience in AWS cloud account architecture. 
    • Expert level knowledge in Network Security, including experience with AWS networking primitives: Security Groups, Network Access Control Lists (NACLS), Subnetting, Routing, and egress traffic filtering mechanisms. 
    • Expert level proficiency in Identity & Access Management (IAM) Security, including experience with architecting AWS IAM roles & policy architectures for both human and machine access. 
    • Expert level communication skills and the ability to work effectively across teams. 
    • Intermediate level experience deploying and maintaining configurations and infrastructure using Terraform. 
    • Intermediate level experience with modern CSPM and CWPP tools (e.g., Wiz, Orca, Prisma, or Rapid7). 
    • Intermediate level experience with Secrets Management Platforms (e.g., AWS KMS, AWS Secrets Manager, Hashicorp Vault). 
    • Intermediate level experience in building and implementing IaC governance strategies that combine security best practices while enabling developer productivity. 
    • Intermediate level proficiency in Python or Go, and Bash scripting. 
    • Intermediate level experience in container & operating system hardening. 
    • Intermediate level experience in building & maintaining Web Application Firewalls. 
    • Intermediate level familiarity with security frameworks (e.g., PCI DSS, CIS, ISO 27001, NIST CSF). 

Preferred Skills and Qualifications:

    • Intermediate level experience in architecting & implementing internal PKI & Secrets Management services. 
    • Intermediate level experience in architecting & managing Spire (Spiffe) and Service Mesh services. 
    • Intermediate level knowledge of Kubernetes (K8s) Security foundations, including admission controllers, K8s Network Policies, K8s RBAC, and K8s Ingress architectures. 
    • Intermediate level proficiency in DDoS mitigation techniques using AWS Shield, CDN traffic scrubbing, and origin protection mechanisms. 
    • Intermediate level proficiency in Azure. 

What We Offer:

    • Accelerated Growth Environment: Immerse yourself in an environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale.
    • Top Tier Compensation Package: Enjoy a rewarding compensation package that includes enticing stock incentives, aligning with our commitment to recognizing and valuing your contributions.
    • Flexible Time Off: Embrace a healthy work-life balance with unlimited Flex Time Off, providing you the flexibility to manage your schedule and recharge as needed.
    • Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.
    • Team-Building Events: Engage in vibrant team events that foster camaraderie and collaboration, creating an atmosphere where your professional and personal growth are celebrated.
The anticipated gross annual base salary range for this role is $200,000 – $275,000 per year. Actual compensation will vary depending on factors such as a candidate’s qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub’s total compensation and competitive benefits package, which also includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits.

California Job Applicant Privacy Notice found here

About Us 
StubHub is the world’s leading marketplace to buy and sell tickets to any live event, anywhere. Through StubHub in North America and viagogo, our international platform, we service customers in 195 countries in 33 languages and 49 available currencies. With more than 300 million tickets available annually on our platform to events around the world -- from sports to music, comedy to dance, festivals to theater -- StubHub offers the safest, most convenient way to buy or sell tickets to the most memorable live experiences. Come join our team for a front-row seat to the action. 

We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status.