Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP/IP protocols, extensive experience providing analysis and trending of security threats from various threat intelligence sources.
Core Job Functions Include:
- Identify and assess internal and external cybersecurity risks that threaten the security or integrity of eBay's eCommerce and payments platforms including all non-public information stored on systems.
- Establish policies commensurate with eBay's risk and complexity that addresses the concepts of threat information sharing through appropriate ISACs and other intelligence sharing bodies.
- Modify control structures to use threat intelligence and build collaboration processes to identify and respond to information on threats and vulnerabilities.
- Develop and formalize effective threat identification and assessment processes (Threat Knowledge), including maintaining procedures for obtaining, monitoring, assessing, classifying severity, and responding to evolving threats and vulnerabilities. Use this Threat Knowledge to drive risk assessments and response.
- Develop, maintain, and update a repository of cybersecurity threat and vulnerability information that may be used in conducting risk assessments and provide updates to senior management, eBay board of directors, and eCI board of directors on cyber risk trends.
- Conduct research and evaluate intelligence data - with specific emphasis on tactics, techniques, and procedures - focusing on threats facing eBay's eCommerce and payments processing systems.
- Correlate threat data from various sources and analyze network events to establish the identity and modus operandi of malicious users active in or posing potential threats to eBay.
- Report security performance against established security metrics and compare to other similar businesses in the eCommerce and payments space.
- Work closely within various Global Information Security teams and eBay's Legal, and Risk teams to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors.
- Conduct complex cyber intelligence analysis, coordination, and interaction across a broad range of eBay, it's adjacencies, and third-party ISAC partners.
- Understand the trade-offs required to communicate the different levels of risk tolerance and risk exposures across the organization and balance this with risk investments
- Coordinate with technology and business groups to assess, implement, and monitor business-related security risks/hazards.
- Prepare assessments and cyber threat profiles of current events based on the sophisticated collection, research, and analysis of classified and open source information
- Produces high-quality papers, presentations, recommendations, and findings for Senior Level Management and Enterprise Technology Leaders
- Provides briefings and presentations to leadership supporting Information Security and Network Operations decision making
- Provide situational awareness to executives and stakeholders of emerging threats and breaches in a timely fashion with appropriate guidance on impact to eBay, Inc.
To be successful in this position, you should be proficient with:
Communication – ability to articulate complex cyber threats to non-technical business partners. Proven competency in business writing and speaking for technical and executive audiences.
Teach – ability to train security concepts to other teams
Offensive Techniques – Penetration testing, IOCs, and exploits at all layers of the stack.
Logs Analysis - Comfortable with SEIM searching to gather and analyze logs to recreate incidents and hunt for threats.
System Forensics – Basic understanding of image acquisition techniques, memory forensics, and analysis
Networking Fundamentals - TCP/IP Protocols (HTTP, DNS, FTP, DHCP, ARP, etc.), and Wireshark/TCPDump.
Scripting – Should be familiar in scripting in at least one of the following: python, perl or a similar language.
Risk Analysis – Prior work experience analyzing threat and vulnerability data; classifying threats/vulnerabilities to determine severity and prioritize against existing system states, determining threats causing critical risk to business.
- Bachelor's degree in Information Assurance, Information Security, Cyber Intelligence, or related field.
- 5+ years of experience in Cyber Threat Intelligence
- Must have at least one (1) of the following certifications:
- SANS GIAC: GCTI, ISC2: CISSP, NICCS: CCIP, EC Council: C|TIA
In addition, minimum of one (1) year of specialized experience in one or more of the following areas:
- Security Assessment or Offensive Security
- Application Security
- Security Operations Cente