Senior Detection and Response Engineer

At eBay, we're more than a global ecommerce leader — we’re changing the way the world shops and sells. Our platform empowers millions of buyers and sellers in more than 190 markets around the world. We’re committed to pushing boundaries and leaving our mark as we reinvent the future of ecommerce for enthusiasts.

Our customers are our compass, authenticity thrives, bold ideas are welcome, and everyone can bring their unique selves to work — every day. We're in this together, sustaining the future of our customers, our company, and our planet.

Join a team of passionate thinkers, innovators, and dreamers — and help us connect people and build communities to create economic opportunity for all.

About the Role

This critical position allows you to work at the forefront of cybersecurity technology and information technology risk, where you will detect, investigate, and respond to threats across our global environment. Collaborate with world-class teams including SOC, engineering, HR/Legal, and other security teams to reduce risk and secure eBays global marketplace.

Responsibilities

• Lead incident response across a broad range of scenarios including external intrusion, insider threats, and misuse involving endpoints, identity, cloud, Kubernetes/container layers, and network infrastructure.

• Investigate escalated issues by prioritising impact, reconstructing activity from telemetry, identifying root cause, and driving containment, eradication, and recovery.

• Apply a threat-modeling approach to new systems, infrastructure, and features. Identify potential issues, the signals needed to detect them, and response methods. Then translate these into specific telemetry and response requirements for engineering teams.

• Build and improve detections by developing, tuning, and maintaining SIEM correlation rules and alerting logic—balancing coverage and noise to reduce false positives and improve time-to-detect.

• Threat hunt proactively to identify attacker behavior (TTPs), validate hypotheses, and surface gaps in visibility.

• Develop automation and tooling to simplify repetitive tasks like enrichment, triage, evidence collection, and response actions. This includes using AI or agent-style workflows that reduce toil while remaining safe, auditable, and reliable.

• Track adversary tradecraft and translate research into actionable countermeasures, playbooks, and detective controls.

• Perform digital forensics in a forensically sound manner. Support People Team investigations and legal holds in partnership with People Team and eBay Legal stakeholders.

• Communicate clearly and consistently through incident updates, reporting to collaborators, and post-incident reviews that promote measurable improvement

Note: This position will require participation in an on-call rotation.

You May Be a Good Fit If You

• Hold 7+ years of experience in incident response, detection engineering, or threat hunting, which includes designing detections, carrying out investigations, and optimising operational automations.

• Understand modern adversary TTPs and can convert them into pragmatic detection strategies and mitigation steps.

• Are comfortable in cloud and SaaS environments and can build detection approaches that apply across major cloud platforms (AWS/Azure/GCP) when possible.

• Have experience working in Kubernetes/containerized environments, including creating detections from cluster telemetry and understanding common failure and attack patterns (workloads, nodes, control plane, networking).

• Are strong with network fundamentals and comfortable using tools to analyze network traffic.

• Have experience with digital forensics concepts and can apply them during active incidents.

• Can write automation in Python or similar—and enjoy “directing” tooling including AI/agent workflows rather than doing things manually.

• Communicate clearly and collaborate well across teams, translating D&R needs into streamlined requirements and ensuring follow-through among technical and non-technical collaborators.

Strong Candidates May Also Have

• Experience analyzing attacker behavior and prototyping high-quality detections.

• Experience in threat intelligence, malware analysis, infrastructure as code, detection engineering, or digital forensics.

• Experience in a diverse technical environment where ambiguity is common and initiative matters.

• Background in offensive security (pen-testing/red team) and/or mapping detections to observed attacker behavior.

• Experience with SOAR playbooks/workflows and response automation at scale.

• Understanding of regulatory requirements for Monitoring, PCI, Payments and other financial services regulations.

__

Office-based. Richmond, UK
3 days a week in-office required

Additional Details

eBay is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, veteran status, and disability, or other legally protected status. If you have a need that requires accommodation, please contact us at [email protected]. We will make every effort to respond to your request for accommodation as soon as possible. View our accessibility statement to learn more about eBay's commitment to ensuring digital accessibility for people with disabilities.

We use cookies to enhance your experience and may use AI tools for administrative tasks in the hiring process. To learn how we handle your personal data and use AI responsibly, please visit our Talent Privacy Notice, Privacy Center, and AI Hiring Guidelines.