SeatGeek Hacks the Hiring Process

ninja turtles SeatGeek Hacks the Hiring Process

Startup guys love pizza, cramped quarters and all nighters

Working at SeatGeek is sort of like joining a team of ninja killers. To enter the fold, you must prove yourself worthy.

When the startup was looking to hire a backend developer, for example, they received hundreds of bad applications for the few open slots. So they devised a challenge that would eliminate posers.

“All applicants must now submit their resume by solving a puzzle: they must hack into our backend jobs admin panel.”

This trial by fire worked so well, the SeatGeek team decided to apply it to non-coding position as well. The startup recently lost their director of communications, Ben Kessler, aka the Kessinator, aka Kesstronic 9000.

Instead of wading through resumes and CVs, the SeatGeek team devised a new challenge:

Our PR strategy uses the mountain of ticketing data we’ve collected over the past few years. Whenever a big story in sports or music breaks, we try to quantify fan sentiment through ticket prices. Reporters love this data; we get 3-4 press mentions per week. Examples of how we utilize our data are available on our blog and press page.

If this is a role that interests you, here’s how to apply using

  • Email with your resume attached
  • The email address will auto-respond with instructions on how to access a ticketing dataset
  • One you receive the data, use it to write a blog post of up to 300 words with a graph or chart. It’s unlikely that all the data-points in the dataset will be relevant the story you choose.
  • Post your article on You can easily create an account by going to For obvious reasons, we will only display the handle you choose and never your full name or email address

Readers will vote on the most compelling posts by sharing them on Google Plus, Twitter, and Facebook. We encourage applicants to accumulate these social shares by actively promoting their pieces. In fact, the strongest applicants will probably be able to get legitimate press coverage. Just as we focus on engineers that solve our developer challenge, we’ll focus our interviews on the handful of writers with the best-written and most-shared articles.

Allright all you social media savants, info graphic rockstars and marketing mavens, time to put your money where you mouth is and get some press pickup.


  1. cancelBubble says:

    I’m a front-end developer and their “hack out backend jobs panel” is way too easy if I can figure it out.

    First thing is some user agent spoofing – change your user agent to SeatGeek – that’ll display a form to upload your resume.  It  took me probably 20 minutes to figure this first step out even though they pretty much tell you what you need to do on the page.

    Submitting the form won’t work, though.  A quick look at the source shows a hidden input field with a name=”_csrf” and a dummy value that tells you it isn’t what you need.  This kind of gives it all away.  CSRF = cross site request forgery.

    I then checked out the site cookies – run it through decodeURIComponent() and you’ll get the admin value (what you need to be to submit the form) and perhaps what I think is some token that needs to be that hidden inputs value – this is where the CSRF comes in, I believe.

    I didn’t actually upload my resume, but think I figured it out.