Vulnerability Management Engineer

At eBay, we're more than a global ecommerce leader - we're changing the way the world shops and sells. Our platform empowers millions of buyers and sellers in more than 190 markets around the world. We're committed to pushing boundaries and leaving our mark as we reinvent the future of ecommerce for enthusiasts.

Our customers are our compass, authenticity thrives, bold ideas are welcome, and everyone can bring their unique selves to work - every day. We're in this together, sustaining the future of our customers, our company, and our planet.

Join a team of passionate thinkers, innovators, and dreamers - and help us connect people and build communities to create economic opportunity for all.

Information Security Engineer 3- Vulnerability Management (T24)

About the team and role:

The Global Information Security team is responsible for driving Cybersecurity Vulnerability Management, Hardening and Configuration Management and Patching activities for eBay Payments, Marketplaces, Corporate IT, and adjacent businesses. You will play a critical role working directly with business and technology teams to support Operating System and Infrastructure Hardening and Configuration compliance initiatives. You will partner across the organization to drive teamwork and response on Security misconfigurations, Drift from established hardening standards and threats impacting eBay Infrastructure and be able to coordinate teams and remediation actions quickly to minimize impact.

What you will accomplish:

• Develop, maintain, and implement secure OS baseline configurations aligned with CIS benchmarks and internal security standards.
• Partner with Platform, Cloud, and ECD teams to integrate OS hardening controls into infrastructure build and deployment pipelines.
• Automate OS hardening implementation using Ansible or Terraform, and validate enforcement through compliance scanning.
• Continuously monitor and assess systems for configuration drift, unauthorized changes, or deviations from security baselines.
• Collaborate with Compliance teams to ensure hardening standards address emerging threats and regulatory requirements.
• Provide remediation guidance to system administrators and application owners on secure configuration practices.
• Measure and report on hardening coverage, compliance rates, and drift metrics (KPIs/KRIs) to leadership.

What you will bring:

• 3-5 years of experience in Infrastructure Security with exposure to vulnerability management and OS hardening in Linux environments (e.g., RHEL, Ubuntu).
• Working knowledge of OS vulnerability and configuration lifecycle management, patch processes
• Deep familiarity with CIS Benchmarks or equivalent standards.
• Familiarity with CI/CD pipelines, containerized environments (Docker/Kubernetes), and leveraging security checks integrated into automated workflows.
• Scripting proficiency in Python, Bash, or PowerShell for automating scanning, remediation, or compliance validation tasks.
• Strong analytical and problem-solving skills with attention to detail in identifying and prioritizing security risks.
• Ability to work cross-functionally across global teams and effectively communicate technical security information.

Desired Qualifications:

• Experience integrating OS hardening with CI/CD pipelines and Infrastructure-as-Code environments.
• Understanding cloud-native hardening guidelines (AWS, Google Cloud Platform, Azure)
• Experience using ServiceNow, including features (related to Vulnerability Response and Orchestration) within ServiceNow is highly preferred
• Experience with Data Analytics platforms (Splunk etc.) is desirable.

The base pay range for this position is expected in the range below:
$95,200 - $168,700

Base pay offered may vary depending on multiple individualized factors, including location, skills, and experience. The total compensation package for this position may also include other elements, including a target bonus and restricted stock units (as applicable) in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as PTO and parental leave). Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired, employees will be in an "at-will position" and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Please see the Talent Privacy Notice for information regarding how eBay handles your personal data collected when you use the eBay Careers website or apply for a job with eBay.

eBay is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, veteran status, and disability, or other legally protected status. If you have a need that requires accommodation, please contact us at We will make every effort to respond to your request for accommodation as soon as possible. View our accessibility statement to learn more about eBay's commitment to ensuring digital accessibility for people with disabilities. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

The eBay Jobs website uses cookies to enhance your experience. By continuing to browse the site, you agree to our use of cookies. Visit our Privacy Center for more information.