Title: Security Operations Engineer II Location: Los Angeles, California, United States Job Description: StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world. The Security Operations team owns incident response, threat detection, SIEM engineering, log management, and third-party security risk forming the frontline defense for StubHub's global operations. As a Security Operations Engineer you will bring deep hands-on experience in incident response and threat detection. You will help extend the existing tooling, automation, and detection infrastructure that enables the team to operate at scale. This is not a purely operational role; we are looking for an engineer who writes production-quality code to solve security problems, architects detection pipelines, and help mature StubHub’s SOC-less approach to Detection & Response. You will work closely with Cloud and Infrastructure Security, Identity Engineering, and cross-functional stakeholders. Your work will directly shape how StubHub detects, responds to, and learns from threats. Location: Hybrid (3 days in office/2 days remote) – New York, NY or Century City, CA What You'll Do: Incident Response - Lead and coordinate security incident response end-to-end: detection, triage, containment, eradication, recovery, and post-incident review - Develop and maintain incident response playbooks - Drive root cause analysis and translate findings into durable improvements to detection and prevention capabilities - Act as an escalation point for complex or high-severity incidents across the organization Threat Detection - Design, build, and tune detection rules, event correlation logic, and behavioral analytics across cloud, endpoint, network, and application data sources - Assist in maintaining a threat model for StubHub's environment and mapping detection coverage to the MITRE ATT&CK framework - Proactively hunt for threats and indicators of compromise across the environment - Collaborate with red team and pen test partners to validate detection coverage and identify gaps SIEM & Log Engineering - Continually improve SIEM capabilities including data ingestion pipelines, normalization, enrichment, and alerting workflows - Own log collection strategy: define what gets collected, at what fidelity, and for how long across cloud providers, SaaS applications, endpoints, and internal services - Write and maintain parsers, ETL pipelines, and data transformation logic to ensure high-quality signal in the SIEM - Own and operate security tooling where needed (SIEM, SOAR, EDR, etc.) Security Automation & Tooling - Write internal software in Python, Go, or similar to automate detection, response, enrichment, and reporting workflows - Build integrations between security tools, internal APIs, and third-party services to accelerate analyst workflows and reduce mean time to respond - Develop dashboards, metrics, and reporting to communicate operational health and coverage to security leadership - Contribute to shared security infrastructure and internal libraries used across the security engineering organization Third-Party Security - Support the third-party security program by evaluating vendor security posture, reviewing assessments, and triaging risk findings - Build or maintain tooling to automate third-party risk intake, tracking, and reporting - Collaborate with Legal, Procurement, and Engineering to ensure third-party risks are identified and remediated appropriately What You've Done: - 3+ years of experience in security engineering, security operations, or a related discipline - Demonstrated, hands-on experience leading incident response efforts, including complex, multi-system investigations - Strong threat detection engineering experience: writing detection rules, tuning alerts, building correlation logic, and reducing false positive rates at scale - Proficiency in at least one programming or scripting language (Python strongly preferred; Go, Ruby, or Bash also relevant) — you regularly write code to solve security problems, not just configure tools - Deep familiarity with SIEM platforms (e.g., Splunk, ELK, Chronicle, Panther, or similar) including query languages and datra data onboarding. - Experience with cloud environments (AWS, GCP, or Azure) and the associated log sources, threat models, and detection strategies - Strong understanding of attacker tactics, techniques, and procedures (TTPs); experience mapping detections to MITRE ATT&CK - Excellent written and verbal communication skills; able to convey technical risk clearly to non-technical stakeholders Preferred Experience: Experience operating in a SOC environment, either in-house or as part of an MSSP Familiarity with SOAR platforms and automation-driven response workflows Experience with threat intelligence platforms and operationalizing threat feeds into detection pipelines Prior involvement in third-party or vendor security risk programs Experience at high-growth technology companies or marketplaces where scale and velocity present unique security challenges Familiarity with data engineering concepts — streaming pipelines, schema design, log normalization — applied to security contexts Relevant certifications (GCIH, GCIA, GCFE, OSCP, or equivalent) are a plus, but not required What We Offer: - Accelerated Growth Environment: An environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale. - Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact. - Flexible Time Off: Enjoy unlimited Flex Time Off, giving you the flexibility to manage your schedule and take time to recharge as needed. - Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options. The anticipated gross base pay range is below for this role. Actual compensation will vary depending on factors such as a candidate’s qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub’s total compensation and competitive benefits package, which includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits. Salary Range $165,000—$200,000 USD About Us StubHub is the world’s leading marketplace to buy and sell tickets to any live event, anywhere. Through StubHub in North America and viagogo, our international platform, we service customers in 195 countries in 33 languages and 49 available currencies. With more than 300 million tickets available annually on our platform to events around the world -- from sports to music, comedy to dance, festivals to theater -- StubHub offers the safest, most convenient way to buy or sell tickets to the most memorable live experiences. Come join our team for a front-row seat to the action. For California Residents: California Job Applicant Privacy Notice found here We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status.

• Conduct threat modeling and security design reviews for new features • Perform secure code reviews and provide actionable feedback • Deploy and maintain security tooling across the development lifecycle • Partner with platform engineering on infrastructure and environment security • Contribute to incident response for security events • Drive vulnerability triage and prioritization across teams • Partner with sales and legal responding to customer and vendor questionnaires • Support compliance audit cycles by gathering evidence and documenting controls • Monitor and respond to alerts from endpoint, cloud, and application security tools • Maintain and improve security runbooks and process documentation

Role Description As a Domain Consultant for SOC Transformation you will be the expert for our Cortex portfolio, a Next-Gen AI-powered security operations platform. You will play a key role in defining technical solutions that secure a customer’s key business imperatives. You evangelize our industry leading solutions in Security Intelligence and Automation, XDR, Attack Surface Management, SOAR and Incident Response that establish Palo Alto Networks as a customer’s cybersecurity partner of choice. - Collaborate with account teams to recommend and develop customer solutions within your assigned specialization area. - Present to customers as our expert at all levels in the customer hierarchy, from practitioner to senior leadership. - As the main technical point of contact for Cortex, assist and collaborate to respond effectively to RFIs/RFPs. - Lead and support customer demonstrations that showcase our unique value proposition. - Scope and lead Proof of Value (PoV) projects for prospective customers and partners based on best practices to ensure technical win in your assigned opportunities. - Drive high technical validation and PoV win rates within your assigned specialization area. - Responsible for discussing and highlighting product alignment with customer requirements and differentiation. - Architect solutions that will help our customers strengthen and simplify their security posture. - Document High-Level Design and Key Use Cases to ensure proper implementation and value realization of Palo Alto Networks Solutions. - Help our customers build and develop further their services around Cortex solutions. - Lead conversations about industry trends and emerging changes to the security landscape. - Discuss, with credibility, competitive offers in the marketplace and position ours as the best alternative. - Position Palo Alto Networks or Partner delivered services as appropriate to ensure proper implementation and value realization of Palo Alto Networks solutions. - Act as a conduit for customer feedback to Product Management, Technical Marketing, competitor intelligence, and R&D to create requirements and deliver product features for our customers. Qualifications - 3+ years experience in Security Operations or pre-sales/sales engineering within SIEM, SOAR, SOC, and/or XDR/EDR environments or graduate of Palo Alto Networks Academy Program. - IBM QRadar design, deployment, and/or pre-sales experience highly desirable. - Experience in working with customers, demonstrating problem-solving skills and a can-do attitude. - Solid understanding of Security Operations Center processes. - Knowledge of SIEM and/or SOAR solutions. - Scripting experience is a plus - Python preferred. - This is a field sales position where travel requirements may be required to support in person customer meetings, please discuss with the recruiter on the specifics for this position. - Proficient in English. Company Description Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics. All your information will be kept confidential according to EEO guidelines.

Role Description Baringa’s TeCy Group (Technology & Cyber) is a global function supporting the firm as it enters new markets. We’re on a mission to develop great technology products and deliver great services. We’ve installed a new operating system for ourselves and rebooted what was a corporate IT department to an in-house technology company - transforming the way we work and opening the way to serve Baringa’s clients directly. We’re working on sustainability, committed to Net Zero in our supply-chain and services. We’re keeping our firm safe: protecting our data and our reputation. We are embarking upon and will be the driving force behind a new 3-Year digital strategy for the firm. We are currently looking for a Cyber Security Analyst to join our Defensive Operations Section within the wider Cyber Security Team where you will play a key role in protecting the company from cyber vulnerabilities and attacks, as well as ensuring the company’s security programme keeps up with the growing business. The role reports to the Head of DefOps, contributing to the effective delivery of security processes and tooling to enable proportionate and effective application of security controls. You will be responsible for the technical configuration, maintenance, and operation of the security tooling. You will be a key member of a growing team in a dynamic company, helping to define new ways of working using modern security architectures and tools. Baringa will work with you to develop a personal training pathway and gain recognised security certifications. We are always evolving and there is a constant stream of exciting challenges and opportunities for us to work towards, together as a team. - Perform vulnerability scans, analysis, and prioritise identified weaknesses, working with the Technology Team to remediate identified issues. - Collate alerts from security tooling, perform triage, prioritise and where appropriate escalate for further action. - Act as the first point of contact for security incidents, providing timely responses, coordination, and communication throughout all stages - including liaison with any 3rd party security providers. - Perform hands-on investigations to analyse incidents, identify suspicious behaviour, gather evidence, and build on lessons learned to prevent their recurrence. - Research and implement new security technologies to better protect company information and assets. - Participate in the response to RFPs, third party audit and assurance activities. - Lead on and produce technical security MI in support of governance and vulnerability management engagements. - Provide ‘hands on’ assistance, particularly in technical control implementation or administration where needed. - Work as part of a team to communicate ideas, suggestions and solutions that achieve the firm’s long-term objectives. Qualifications - Experience in full-time Cyber/Information Security or IT operational role. - CompTIA Security+, GIAC Security Essentials or equivalent. - Experience of the Microsoft Technology Stack. - Hands-on experience with security technologies such as: Security operations, IT 2nd line support, server or network administration/configuration or application testing or development. - Growth mentality with excellent problem-solving skills, willing to assist in all areas of CyberSec and to learn new technologies & processes. - A self-motivated individual with a “can do” attitude, who can work on their own initiative as well as part of a team. - An excellent communicator who can help develop good InfoSec practices with an ability to interact with all levels within the company. - Experience with security tooling, i.e. MS Defender and Sentinel, vulnerability scanners, Intrusion Detection Systems (IDS), firewalls, web and email filtering, endpoint protection, and mobile device management (MDM). - Computer science or IT security related degree. Benefits - The chance to operate at the forefront of our industries. - Good work-life balance with flexible working solutions. - Promotion based on performance with two promotional reviews a year. - Ability to work closely with senior stakeholders both within Baringa TeCY and beyond. - Control over your training and development. - A people first culture focused on employee wellbeing.