Senior Vulnerability Management Engineer

About the Team

The Global Information Security team is responsible for performing Cybersecurity vulnerability management activities for eBay Payments, Marketplaces, Corporate IT, and adjacent businesses. The Senior Vulnerability Management Engineer will play a critical role working directly with business and technology teams to identify, report and provide remediation support to business and technology teams for cybersecurity vulnerabilities. You will partner across the organization to drive teamwork and response on new vulnerabilities and threats impacting eBay and be able to organize teams and remediation actions quickly to minimize impact. Additionally you will run and improve the vulnerability management program operations including working with junior level team members to carry out the program chart

Key Responsibilities

• Run operations for the Cybersecurity vulnerability program to ensure effective delivery of assessments; solutions; remediation; business unit level reporting; process improvements; and documentation.
• Establish and prioritize security vulnerability assessment activities including integration into Depop and eBay's software development lifecycle.
• Communicate security vulnerability risks to business and technology teams and leaders to ensure a clear understanding of these risks and guidance on how to remediate them.
• Track all vulnerability remediation efforts and drive accountability across the organization for remediation. Escalate issues and problems when needed.
• Assess current and emerging threats, cyber attacks and zero-day vulnerabilities that pose risks to Depop and eBay.
• Provide execution in maturing the vulnerability management program to meet the ongoing needs of the business and regulatory obligations. Support compliance and risk management activities.
• Ensure alignment to eBay’s security policies, standards, and methodologies.
• Communicate and present key security vulnerability initiatives, practices, and issues to business units.
• Establish, monitor, and report Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) and metrics for the Security Vulnerability Program.
• Leverage or implement security tools to improve monitoring functions and drive automation and efficiencies.
• Identify and apply industry resources and Global Information Security domain guides to develop industry leading security vulnerability management solutions and approaches.
• Must be able to interface and coordinate work efficiently and effectively with business colleagues and vendors in global locations and time zones.

Requirements

• 5+ years of demonstrated ability within information security vulnerability management including the remediation process to address operating system and application vulnerabilities.
• Experience using ServiceNow including sophisticated features within ServiceNow; Kubernetes environments that include building, deploying and deleting containerized images; and industry standard development release processes including the use of development pipelines, GitHub and other common release management tools.
• Deep technical understanding of infrastructure security vulnerability management requirements and solutions, as well as threats and challenges impacting the protection of information across an extended global enterprise.
• Capable of flexing between high level strategic concepts & frameworks to tactical operational implementation.
• Self-starter with a bias towards action and can thrive in a fast-paced and ambiguous environment.
• Exceptional interpersonal skills including clear and concise writing, an engaging presentation style, and group facilitation.
• Strong partnership skills with a demonstrable ability to collaborate across teams and roles.
• Must be able to interface, influence, and coordinate work efficiently and effectively with business colleagues in multiple locations at all levels.
• Strong analytical, organizational and decision making skills.
• Ability to quickly learn new environments and technologies.
• Experience with security vulnerability management tools a plus (e.g. Qualys, Tenable, and Anchore).

Benefits

• Maternal leave
• Paternal leave
• Paid sabbatical

Diversity & Inclusion

Here at eBay, we love creating opportunities for others by connecting people from widely diverse backgrounds, perspectives, and geographies. So, being diverse and inclusive isn’t just something we strive for, it is who we are, and part of what we do each and every single day. We want to ensure that as an employee, you feel eBay is a place where, no matter who you are, you feel safe, included, and that you have the opportunity to bring your unique self to work.