About The Team
eBay’s Red Team is charged with testing the security of all software and systems deployed within the enterprise. From brand new platforms and payment systems to legacy systems and code, everything is in scope. The team is split between a traditional Red Team, whose job is to hack into systems and steal data, along with Penetration Testing, a team that very actively (and sometimes retroactively) tests systems and code searching for every vulnerability. Our team is a well-respected, highly technical group within eBay’s Infosec team.
Do you want to be the tip of the spear, ensuring that eBay is as secure as possible?
Do you have what it takes to root out all the vulnerabilities in an environment with hundreds of thousands of systems and millions of lines of code?
Do you thrive in an independent environment, where each team member is trusted to scope, test, and help remediate issues?
Do you want to work somewhere that prizes work-life balance?
This eBay team might be the perfect fit for you!
Job Description
We are looking for an information security engineer with experience in payments to perform penetration testing and security reviews of eBay’s next generation payments system.
Ideally you will have worked on an existing payments platform, and have experience in dealing with payments fraud and other payments-specific security issues.
Since the daily duties of the job will be penetration testing, you should have experience with all aspects of this such as discovering vulnerabilities, reporting on them, and assisting with remediation.
As this is a senior level role, it is expected that you would have strong communication, technical writing, and other skills in addition to a strong technical background.
Qualifications
Perform penetration testing against infrastructure and code deployed across new and legacy platforms within eBay Prepare documentation of findings, recommendations, and other subjects as needed Collaborate with security architects, platform engineers, developers, and operations teams to ensure secure design, development, and deployment of next-generation platforms Collaborate with customer teams on vulnerability remediation and design revisions We would need you to be able to independently scope, test, and validate major code and design features, while working with the penetration testing team lead on project prioritization You should have the ability to read and test code written in Java, JavaScript, and Python You should have a background in securing payments-based systems, ideally with experience in payments fraud and related issues You should be familiar with common penetration testing tools such as BURP Suite, Wireshark, nmap, and related
