Engineering Manager - Security Engineering

Engineering Manager - Security Engineering

Stub Hub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want Stub Hub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world.

We are seeking an Engineering Manager to lead our Cloud & Infrastructure Security and Security Operations teams within Enterprise Security. You will be responsible for designing secure-by-default infrastructure, hardening our cloud and network environments, and developing complementary detection and response capabilities. This role requires defining and executing roadmaps across two distinct security domains with a strong bias for automation, engineering rigor, and measurable outcomes.

Location:

Hybrid (3 days in office/2 days remote) – New York, NY or Santa Monica, CA or Aliso Viejo, CA or San Francisco, CA

• Lead and grow two high-performing security engineering teams while maintaining deep technical engagement across cloud security architecture, network security, detection & response, and endpoint security.
• Ensure the design and delivery of secure-by-default infrastructure and patterns, enabling self-service for engineering teams while reducing misconfiguration risk and accelerating development velocity.
• Lead the implementation of continuous attack surface monitoring, automated remediation pipelines, CSPM tooling, and IaC/infrastructure security scanning to proactively reduce risk.
• Own security domain roadmaps—leveraging technical expertise, threat modeling, and industry frameworks (e.g., NIST, CIS, MITRE ATT&CK) to drive systematic, data-informed risk reduction.
• Govern the building and operation of critical security services, ensuring operational excellence, reliability, scalability, and strong SLIs/SLOs.
• Drive deployment of advanced detection & response capabilities by developing visibility architectures, deploying and tuning EDR/XDR platforms, and implementing high-fidelity, behavior-driven detections.
• Establish and track security and reliability metrics that measure organizational risk posture, demonstrate improvements, and inform priority investments.
• Partner cross-functionally with product engineering, cloud infrastructure teams, SRE, compliance, and leadership to embed security into architecture, design reviews, and operational practices.
• Lead incident readiness and response programs, ensuring consistent processes, high signal/low noise alerting, and effective after‑action reviews.
• Mentor, coach, and develop engineers, fostering a team culture that balances security rigor with engineering velocity, innovation, and psychological safety.

• Meaningful improvements in customer-facing metrics (e.g., performance, reliability, relevance).
• On‑time, high‑quality delivery of initiatives tied to company objectives.
• Clear evidence of team growth, engagement, and performance.
• Demonstrated improvement in team operational metrics (e.g., velocity, quality, incident reduction).
• A strong pipeline of internal talent and a team that continuously improves its impact‑per‑head over time.

• 3+ years of experience managing security engineering or security operations teams, with a proven track record of building productive, effective, and collaborative engineering organizations.
• 7+ years of hands‑on experience in cloud and infrastructure security and software engineering, including AWS, Kubernetes, and large-scale distributed systems.
• Deep expertise in securing complex cloud environments, including threat modeling, architecture assessments, incident response, and risk prioritization.
• Strong cross‑functional collaborator, able to influence engineering and business stakeholders while balancing security requirements with product velocity and customer impact.
• Active member of the security community (open‑source…