Senior Detection and Response Engineer

Senior Detection and Response Engineer

About The Role

This critical position allows you to work at the forefront of cybersecurity technology and information technology risk, where you will detect, investigate, and respond to threats across our global environment. Collaborate with world‑class teams including SOC, engineering, HR/Legal, and other security teams to reduce risk and secure eBay’s global marketplace.

Responsibilities

• Lead incident response across a broad range of scenarios including external intrusion, insider threats, and misuse involving endpoints, identity, cloud, Kubernetes/container layers, and network infrastructure.
• Investigate escalated issues by prioritizing impact, reconstructing activity from telemetry, identifying root cause, and driving containment, eradication, and recovery.
• Build and improve detections by developing, tuning, and maintaining SIEM correlation rules and alerting logic—balancing coverage and noise to reduce false positives and improve time‑to‑detect.
• Threat hunt proactively to identify attacker behavior (TTPs), validate hypotheses, and surface gaps in visibility.
• Develop automation and tooling to simplify repetitive tasks like enrichment, triage, evidence collection, and response actions. This includes using AI or agent‑style workflows that reduce toil while remaining safe, auditable, and reliable.
• Perform digital forensics in a forensically sound manner. Support People Team investigations and legal holds in partnership with People Team and eBay Legal stakeholders.
• Apply a threat‑modeling approach to new systems, infrastructure, and features. Identify potential issues, the signals needed to detect them, and response methods. Then translate these into specific telemetry and response requirements for engineering teams.
• Track adversary tradecraft and translate research into actionable countermeasures, playbooks, and detective controls.
• Communicate clearly and consistently through incident updates, reporting to collaborators, and post‑incident reviews that promote measurable improvement.

Note: This position will require participation in an on‑call rotation, with potential nights and weekends as incident workloads dictate.

You May Be a Good Fit If You

• Hold 5+ years of experience in incident response, detection engineering, or threat hunting, which includes designing detections, carrying out investigations, and optimizing operational playbooks.
• Understand modern adversary TTPs and can convert them into pragmatic detection strategies and mitigation steps.
• Are comfortable in cloud and SaaS environments and can build detection approaches that apply across major cloud platforms (AWS/Azure/GCP/OCI) when possible.
• Have experience working in Kubernetes/containerized environments, including creating detections from cluster telemetry and understanding common failure and attack patterns (workloads, nodes, control plane, networking).
• Can analyze lower‑level infrastructure risks such as segmentation or telemetry gaps, hidden control paths, and datacenter, firmware, or BMC‑related surfaces. Then, convert these into monitoring and response needs.
• Are strong with network fundamentals (TCP/IP) and comfortable using tools like Wireshark/tcpdump during investigations.
• Have experience with host and/or memory forensics concepts and can apply them during active incidents.
• Can write automation in Python, Bash, Perl, or similar—and enjoy “directing” tooling (including AI/agent workflows) rather than doing everything manually.
• Communicate clearly and collaborate well across teams, translating D&R needs into streamlined requirements and ensuring follow‑through among technical and non‑technical collaborators.
• Have solid understanding of EDR, SIEM, SOAR, or related security tools.

Strong Candidates May Also Have

• Experience with SOAR playbooks/workflows and response automation at scale.
• Experience analyzing attacker behavior and prototyping high‑quality detections (behavioral analytics, correlation, anomaly triage).
• Experience in threat intelligence, malware examination, infrastructure as code, detection engineering, or forensics.
• Experience in a high‑growth environment where ambiguity is common and initiative matters.
• Background in offensive security (pen‑testing/red team) and/or mapping detections to observed attacker behavior.

Additional Details

eBay is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, veteran status, disability, or other legally protected status. If you have a need that requires accommodation, please contact us at talent@ebay.com.

#J-18808-Ljbffr…