Application Security EngineerSan Francisco, California Requisition Number R0029155 Subsidiary StubHub
StubHub is looking for an Application Security Engineer who brings extensive experience with JAVA/J2EE Programming. Looking for someone who can do Audit & Review code and provide recommendation on best practices related to application security.
We are looking for someone who is proficient with one or more of the following tools: SD Elements, Checkmarx Static Scanner, AquaSec Docker Container Scanner, Synopsis Seeker IAST OWASP Vulnerability Validation Suite, and Qualys Vulnerability Scanner
See the complete details below:
- This position is a Senior individual contributor role in our Application Security team. The team delivers application security frameworks and general framework guidance for StubHub.
- You will be developing security software for StubHub’s Cloud, and providing the next generation of real time Application security software to protect the StubHub site from attacks.
- The position requires good understanding of architecture, design and coding in multiple application security platforms and framework functions.
- Successful candidates will be familiar with delivering application security solutions on platforms transitioning to host-based security with Layer 7 encryptions from firewall based protections.
- Lead cross functional teams to complete projects and major initiatives using judgment and growing experience. Collaborate with Cloud, IT, Engineering, and Operations architects to understand the solution architecture and then fully articulate the security design of the platform.
- Conduct application development and deployment methodologies, processes, and testing automation. Develop policy and operational processes to insure high availability and service of entire technology stack, from front-end web traffic to back-end big-data infrastructure.
- Help to design and build distributed systems and reliable, fault tolerant software.
- Help to design and build HA production-grade solutions on virtualized and cloud based environments.
- Work in a team environment.
- Master’s degree, or foreign equivalent, in Computer Science, Engineering or closely related quantitative discipline and seven (7) years of large scale, full life cycle development experience (if Masters in Engineering) or 9 + years (if Bachelors in Engineering), preferably 3+ years as a lead engineer.
- 3 + years in Java programming implementing large scale, high availability, fault-tolerant web infrastructure, with clear concept of concurrency in Java, Java security APIs, features and performance
- Excellent communication and interpersonal skills.
- Ability to thrive in a high-pressured environment and crisis situations.
- Ability to multi-task multiple projects at once and drive for results independently.
Special Skill Requirements:
- Experience must include the following:
- Java, Python, NodeJS, Spring, Apache, Tomcat, JSON, XML, and JBoss
- Open Source PaaS frameworks such as Pivotal Cloud Foundry, Cloudify or OpenShift
- GCP, AWS and Azure cloud services such as Openstack and KVM
- Mobile and Native application development familiarity
- React/CSS/HTML/JS development
- VMWare, Hyper-V, Docker, Kubernetes
- The application of threat modeling or other risk identification techniques
- SD Elements, Checkmarx Static Scanner, AquaSec Docker Container Scanner, Synopsis Seeker IAST OWASP Vulnerability Validation Suite, and Qualys Vulnerability Scanner
- Deployment and Management, CI/CD integration, Jenkins, Concourse, and BOSH
- Strong understanding of application security patterns including web application security (OWASP top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, Mobile authentication and key exchange) strategies.
- Strong knowledge of industry trends in security technology
- Expertise in developing and implementing one or more of the following: Identity and Access Management, SSO, SAML, Open ID, OAuth2 or 2FA technologies.
View our accessibility info
eBay Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, veteran status, and disability, or other legally protected status. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at firstname.lastname@example.org. We will make every effort to respond to your request for disability assistance as soon as possible.
For more information see:
Not ready to apply yet? Email this job to yourself