Security Operations Engineer II
Quick Summary
StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world.
The Security Operations team owns incident response, threat detection, SIEM engineering, log management, and third-party security risk, forming the frontline defense for StubHub's global operations.
As a Security Operations Engineer you will bring deep hands-on experience in incident response and threat detection. You will help extend the existing tooling, automation, and detection infrastructure that enables the team to operate at scale. This is not a purely operational role; we are looking for an engineer who writes production-quality code to solve security problems, architects detection pipelines, and helps mature StubHub’s SOC-less approach to Detection & Response.
You will work closely with Cloud and Infrastructure Security, Identity Engineering, and cross-functional stakeholders. Your work will directly shape how StubHub detects, responds to, and learns from threats.
Incident Response
- Lead and coordinate security incident response end-to-end: detection, triage, containment, eradication, recovery, and post-incident review
- Develop and maintain incident response playbooks
- Drive root cause analysis and translate findings into durable improvements to detection and prevention capabilities
- Act as an escalation point for complex or high-severity incidents across the organization
Threat Detection
- Design, build, and tune detection rules, event correlation logic, and behavioral analytics across cloud, endpoint, network, and application data sources
- Assist in maintaining a threat model for StubHub's environment and mapping detection coverage to the MITRE ATT&CK framework
- Proactively hunt for threats and indicators of compromise across the environment
- Collaborate with red team and pen test partners to validate detection coverage and identify gaps
SIEM & Log Engineering
- Continually improve SIEM capabilities including data ingestion pipelines, normalization, enrichment, and alerting workflows
- Own log collection strategy: define what gets collected, at what fidelity, and for how long across cloud providers, SaaS applications, endpoints, and internal services
- Write and maintain parsers, ETL pipelines, and data transformation logic to ensure high-quality signal in the SIEM
- Own and operate security tooling where needed (SIEM, SOAR, EDR, etc.)
Security Automation & Tooling
- Write internal software in Python, Go, or similar to automate detection, response, enrichment, and reporting workflows
- Build integrations between security tools, internal APIs, and third-party services to accelerate analyst workflows and reduce mean time to respond
- Develop dashboards, metrics, and reporting to communicate operational health and coverage to security leadership
- Contribute to shared security infrastructure and internal libraries used across the security engineering organization
Third-Party Security
- Support the third-party security program by evaluating vendor security posture, reviewing assessments, and triaging risk findings
- Build or maintain tooling to automate third-party risk intake, tracking, and reporting
- Collaborate with Legal, Procurement, and Engineering to ensure third-party risks are identified and remediated appropriately
Responsibilities
- 3+ years of experience in security engineering, security operations, or a related discipline
- Demonstrated, hands-on experience leading incident response efforts, including complex, multi-system investigations
- Strong threat detection engineering experience: writing detection rules, tuning alerts, building correlation logic, and reducing false positive rates at scale
- Proficiency in at least one programming or scripting language (Python strongly preferred; Go, Ruby, or Bash also relevant) — you regularly write code to solve security problems, not just configure tools
- Deep familiarity with SIEM platforms (e.g., Splunk, ELK, Chronicle, Panther, or similar) including query languages and data onboarding
- Experience with cloud environments (AWS, GCP, or Azure) and the associated log sources, threat models, and detection strategies
- Strong understanding of attacker tactics, techniques, and procedures (TTPs); experience mapping detections to MITRE ATT&CK
- Excellent written and verbal communication skills; able to convey technical risk clearly to non-technical stakeholders
Nice to Have
- Experience operating in a SOC environment, either in-house or as part of an MSSP
- Familiarity with SOAR platforms and automation-driven response workflows
- Experience with threat intelligence platforms and operationalizing threat feeds into detection pipelines
- Prior involvement in third-party or vendor security risk programs
- Experience at high-growth technology companies or marketplaces where scale and velocity present unique security challenges
- Familiarity with data engineering concepts — streaming pipelines, schema design, log normalization — applied to security contexts
- Relevant certifications (GCIH, GCIA, GCFE, OSCP, or equivalent) are a plus, but not required
Listing Details
- Posted: May 26, 2026
- First seen: May 26, 2026
- Last seen: May 26, 2026