Uncubed
           

Security Software Engineer

Eventbrite, San Francisco, California

Online ticketing and registration


THE CHALLENGE
The Eventbrite Security team is charged with assessing risks to the business and assisting our internal teams to mitigate those risks. In some cases, there are engineering problems that are unique to security or require specialized skills to solve. The challenge is to provide software libraries, services, and aggregated data which allows other engineering teams to implement complex security routines in a unified manner.

THE TEAM
Eventbrite Security is responsible for all aspects of information security across the enterprise, including Web and Mobile application security, Security Awareness Training, Policy and Compliance, and a host of things in the middle. We’re charged with building the foundations that help protect the most sensitive data of our company and that of our customers.

THE ROLE
As a Security Software Engineer, you will be responsible for implementing code which abstracts complex security concepts such that engineers are "safe by default", able to opt out of safe behavior through explicit consent, providing high audibility, etc. You will interact with external systems to gather data for the purposes of asserting compliance to industry standards, patch levels, etc.

This role requires expertise  in web application security programming standards such that you can teach other engineers about OWASP Top Ten definitions, examples, preventions. You will implement detection and prevention mechanisms in the application against the OWASP Top Ten and other common web application vulnerabilities.
Additionally, expert knowledge of the Python programming language and the Django web application framework will be required to be both conversational with other development team and to be a proficient application developer for features and libraries needed by the Security team.

A strong understanding of the fundamentals of security engineering such as cryptography, access controls, confidentiality, integrity, and availability is required to communicate both within the Security and with other internal stakeholders needing software developed.

THE TECH STACK

  • AWS including EC2, VPC, KMS, S3 and other products
  • DevOps tools like Vault, Consul, Nomad, Jenkins, Docker
  • Databases like MySQL, Cassandra, Redia, and Memcache
  • Web Serving layers like HAProxy, Nginx, and Varnish

THE SKILL SET

  • 3+ years programming experience in Python or similar languages
  • Strong knowledge of the UNIX / Linux operating system
  • Experience with the Django web application framework
  • Knowledge of web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten
  • Understanding of security principles including confidentiality and integrity of data, authentication and authorization protocols, and other cryptographic protocols
  • Bachelor or Masters Degree in Computer Science or comparable field

BONUS POINTS

  • Expertise or certifications in a cloud environment such as AWS
  • Understanding of Cloud-based security services
  • Use of key management systems such as KMS, Vault, or similar
ABOUT EVENTBRITE
Eventbrite is the world’s largest ticketing and event technology platform, powering millions of live experiences around the globe. We build technology that allows anyone to create, share, find and attend events of all kinds. Music festivals, marathons, conferences, hackathons, political rallies, fundraisers, gaming competitions— you name it, we power it. Meet some of the team. 

IS THIS ROLE NOT AN EXACT FIT?

Eventbrite is a proud equal opportunity/affirmative action employer supporting workforce diversity.  We do not discriminate based upon race, ethnicity, ancestry, citizenship status, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), marital status, registered domestic partner status, caregiver status, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, genetic information, military or veteran status, mental or physical disability, political affiliation, status as a victim of domestic violence, assault or stalking, or other applicable legally protected characteristics.

FLSA Status: Exempt

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Please read our Applicant Privacy Notice to understand how we process your personal information when you apply for a job with us.

About Eventbrite

Eventbrite powers ticketing and registration for more than two million live experiences each year, hosting the world’s largest online selection of events. We build technology that allows anyone to create, share, find and attend events of all kinds. Music festivals, marathons, conferences, hackathons, political rallies, fundraisers, gaming competitions— you name it, we power it.

Want to learn more about Eventbrite? Visit Eventbrite's website.