SOC, CSIRT Shift Lead

San Jose, California Requisition Number R0024661 Subsidiary eBay

Looking for a company that inspires passion, courage and imagination, where you can be part of the team shaping the future of global commerce? Want to shape how millions of people buy, sell, connect, and share around the world? If you’re interested in joining a purpose driven community that is dedicated to creating an ambitious and inclusive workplace, join eBay – a company you can be proud to be a part of.

eBay is seeking a CSIRT Analyst Shift Lead for a 24/7/365 Security Operations Center. This specific position requires the ability to work Swing and/or Graveyard shifts with rotations into Day shift and on-call rotations.

Working within eBay’s Computer Security Incident Response Team (CSIRT) you will have the opportunity to build innovative solutions to identify and mitigate information-security threats.  You will work collaboratively to creatively solve complex security problems in a heterogeneous environment.   

With your leadership, we’re building the best security incident response team in the industry.  Your skills, vision, tenacity, and passion will help us defend and respond daily to keep eBays’ critical information assets away from threats and hackers.

Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP/IP protocols, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices.

Must demonstrate expert knowledge in two (2) or more of the following areas:

Vulnerability Assessment and Pen Testing, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Encryption, Web-filtering, Advanced Treat Protection, Email Security, Digital Forensics, Monitoring and Detection, Cyber Intelligence Analysis.

Core Job Functions Include:

  • Leadership – Guides the CSIRT team in its day-to-day operations, covers during on-call rotations with shift leads, and manages ticket queue/workload.
  • Escalations – Responding to escalated events from security analysts to develop/execute security controls, Defense/countermeasures to prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
  • Research – Researching attempted or successful efforts to compromise systems security and designs countermeasures.
  • Communications – Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
  • Digital Forensics – As it relates to information systems, performs HR investigations and legal holds in a forensically sound manner. Consults with HR and legal subject matter experts to adhere to local country law
  • Coverage – Must be willing to work shift work (Day, Swing, Graveyard), weekends, and holidays as well as participate in our shift lead on-call rotation.

To be successful in this position, you should be proficient with:

  • Incident Response – Getting people to do the right thing in the middle of an investigation.
  • Offensive Techniques – Penetration testing, IOCs, and exploits at all layers of the stack.
  • Logs - you should be comfortable with a SEIM to be able to gather and analyze logs to recreate incidents and hunt for threats.
  • System Forensics – Basic understanding of image acquisition techniques, memory forensics, and the like.
  • Networking Fundamentals - TCP/IP Protocols (HTTP, DNS, FTP, DHCP, ARP, etc.), and Wireshark/TCPDump.
  • Scripting – Should be familiar in scripting in at least one of the following: python, perl or a similar language.
  • Risk Analysis – Taking a vulnerability in a particular environment and understanding the practical associated risk.


  • Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field.
  • Minimum five (5) years of professional experience in incident detection and response, malware analysis, or digital forensics.

Must have at least one (2) of the following certifications:

  • Cisco: CCNA, CCNP
  • Offensive Security: OSCP, OSCE, OSWP and OSEE
  • EnCase: EnCE

In addition, minimum of three (3) years of specialized experience in one or more of the following areas:

  • Security Assessment or Offensive Security
  • Application Security
  • Security Operations Center/Security Incident Response
  • Cyber intelligence Analysis

At eBay, your work makes a difference. We believe that we can build a better form of commerce that is enabled by people, supported by technology, and open to everyone – creating more opportunity for all.

This website uses cookies to enhance your experience. By continuing to browse the site, you agree to our use of cookies

View our privacy policy

View our accessibility info

eBay Inc. is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, veteran status, and disability, or other legally protected status.  If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at  We will make every effort to respond to your request for disability assistance as soon as possible.

For more information see:

EEO is the Law Poster

EEO is the Law Poster Supplement


Your Saved Jobs

You have not saved any jobs.

Recently Viewed Jobs

You have not viewed any jobs.


Receive new career opportunities as soon as they become available!

Areas of InterestSearch for a category, location, or category/location pair, select a term from the suggestions, and click "Add".

  • IT and Technical Operations, San Jose, California, United StatesRemove