Lead Software Engineer, Security

<h3><strong>SeatGeek believes live events are powerful experiences that unite humans. With our technological savvy and fan-first attitude we’re simplifying and modernizing the </strong><strong>ticketing industry.</strong></h3> <p>SeatGeek is looking for a security engineering professional for our Security team. As a Lead Software Engineer, Security, you’ll be involved in a mix of incident response, threat hunting, security engineering, and a trace of red teaming.</p> <p>You’ll be leading critical security initiatives that strengthen our secure-by-default posture across our platform, products, and company. You’ll pair architectural guidance with hands-on engineering — building paved roads, tooling, and automated detection/response that scale. You’ll operate in a fast-paced, collaborative environment, partnering with both engineering and non-engineering teams to reduce risk without slowing builders down. As a lead engineer, you’ll own high-impact work end-to-end, mentor teammates, and help shape the roadmap and culture that make the secure path the easy path — from cloud and code to laptops, identity, email, and awareness.</p> <h3><strong>What you'll do</strong></h3> <ul> <li>Deliver proactive, secure-by-default protections across the stack (cloud, CI/CD, applications, and endpoints) by creating paved roads and guardrails that reduce risk at scale and become the default way to build</li> <li>Provide practical security guidance on new products and technologies, emphasizing secure-by-default patterns that fit seamlessly into existing workflows</li> <li>Lead design reviews and threat modeling for high-impact features and services; identify risks early and ensure mitigations are designed in</li> <li>Build and scale security tooling that prevents issues at build/deploy time and automates detection and response in production</li> <li>Evolve our detection and incident response capabilities — improve signal quality, tune detections, and implement automated responders to reduce manual toil and time to contain</li> <li>Partner across business functions to strengthen company-wide security: endpoint and device trust, identity and email protections, security awareness and training, vendor reviews and risk assessments, and support for compliance (e.g., PCI/SOX)</li> <li>Protect SeatGeek from abuse and bots at the edge and app layers through layered defenses and tuning</li> <li>Lead and participate in notable security incidents and tabletops; improve runbooks, processes, and stakeholder communications after each event</li> <li>Mentor engineers, uplevel secure coding practices, and contribute to a positive, pragmatic security culture across the company</li> </ul> <h3><strong>What you have</strong></h3> <ul> <li>5+ years of broad, hands-on experience across multiple security domains, with strong software engineering fundamentals; track record of leading cross-domain security projects end-to-end (from design through rollout and adoption)</li> <li>Proficiency in one or more programming languages (we use Python, Go, and C#); you write production-quality code and perform rigorous reviews for correctness and security</li> <li>Track record of partnering across product, platform, and business functions to drive company-wide security outcomes</li> <li>Proven ability to deliver holistic, scalable prevention across security domains (platform/cloud, applications, CI/CD, identity and endpoints), favoring paved roads and default guardrails over one-off fixes</li> <li>Ability to think like both an attacker and a defender — leveraging each perspective to strengthen the other and drive meaningful improvements in prevention, detection, and response</li> <li>Community contributions (research, talks/blogging/OSS) and hands-on bot/abuse mitigation experience are a plus</li> </ul> <h3><strong>Our stack</strong></h3> <p>You do not need experience with all of these, but we thought you might be curious. What we care about is your experience, skills, and approach to pro ... (truncated, view full listing at source)