Senior Application Security Engineer
Eventbrite is a people-first organization. Our goal of building the global platform for live experience relies on the foundation of top talent and strong company culture. Our team is the face of Eventbrite, and we’re charged with finding, attracting, and bringing on the best of the best to drive Eventbrite’s growing business and award-winning culture forward. Hiring the best talent globally is no easy feat. However, we have a talented team who has an inspiring story and mission. Our perfect candidate is someone who can connect that vision and story with top-notch talent.
Eventbrite Security is responsible for all aspects of information security across the enterprise, including Web and Mobile application security, Security Awareness Training, Policy and Compliance, and a host of things in the middle. We’re charged with building the foundations that help protect the company’s information and our customer’s data.
We’re looking for a Senior Security Engineer to take ownership over the security of the cloud computing environments in use at Eventbrite. This will include defining and implementing best practices; partnering with Site Reliability, Data, and Product Engineering teams to define new requirements in the environments and ensure that policies are adhered to; implement tools and monitoring scripts which will track usage and conformance to policy and alert to outliers; defining, implementing, and reviewing IAM policies for use in the system; and researching how to best use cloud technology for future projects.
This role also includes mentoring of junior members on the team and other engineering staff, and research into the viability of tools for use in the DevSecOps workflows (such as key management, crypto, data sanitization, etc).
THE TECH STACK
- HAProxy + nginx and Python/Django + uwsgi
- Frontend frameworks including React/Redux, Marionette, and Backbone
- Frontend tooling including Webpack, Grunt, and Yarn
- Templating systems including Mako and Handlebars
- Data layers including MySQL, Cassandra, Redis and Memcached
- DevOps tooling like Docker, Jenkins, Vault, and Consul
- AWS infrastructure including EC2, ECR, and VPC
THE SKILL SET
- 8+ years of experience with security engineering in e-commerce, internet, or social networking settings
- Strong knowledge of UNIX operating systems, command line usage, and system administration
- Proven ability to guide engineering teams through information security design requirements
- Advanced programming abilities in Python (Strongly Preferrred) or similar programming language
- Advanced knowledge of the Amazon Web Services environment and underlying security model
- Mastery of security principles including confidentiality and integrity of data, authentication and authorization protocols, and other cryptographic protocols
- Deep understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
- Bachelor or Masters Degree in Computer Science or comparable field
- AWS Certifications
- Experience with security compliance frameworks such as PCI-DSS, SOC2, ISO27001, etc.
Eventbrite is a global ticketing and event technology platform, powering millions of live experiences each year. We empower creators of events of all shapes and sizes – from music festivals, experiential yoga, political rallies to gaming competitions –– by providing them the tools and resources they need to seamlessly plan, promote, and produce live experiences around the world. Last year, the team served 795,000 creators hosting nearly 4 million experiences across 170 countries. Meet some of the Britelings that make it happen.
IS THIS ROLE NOT AN EXACT FIT?
Eventbrite is a proud equal opportunity/affirmative action employer supporting workforce diversity. We do not discriminate based upon race, ethnicity, ancestry, citizenship status, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), marital status, registered domestic partner status, caregiver status, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, genetic information, military or veteran status, mental or physical disability, political affiliation, status as a victim of domestic violence, assault or stalking, or other applicable legally protected characteristics.
Back to top