Senior Application Security Engineer

At PayPal (NASDAQ: PYPL), we believe that every person has the right to participate fully in the global economy. Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives.

Summary: At PayPal (NASDAQ: PYPL), we believe that every person has the right to participate fully in the global economy. Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives. Senior Application Security Engineer: We are seeking an experienced Senior Application Security Engineer to join our Enterprise Cyber Security (ECS) Cloud Application Security Operations team. In this role, you will be responsible for driving application security efforts in PayPal’s business lines (e.g., Braintree, Chargehound, Happy Returns, Honey, Hyperwallet, Venmo, Xoom, Zettle). As a Sr. Cloud Application Security Engineer, your will be responsible for ensuring we have the proper visibility, detection, and operations to protect our branded experiences and customers. Your primary responsibilities will involve driving the roadmap and delivery of a comprehensive strategy to capture all critical stages, triggers, and activities within our product delivery and deployment pipeline. You will be expected to take into account our native tooling and existing processes while investigating and solving for best-in-class security automation in all stages of the product development and deployment lifecycle. You will lead, advocate, and assist in creating the tooling and infrastructure that drives our next-generation detection and response pipelines. You will work closely with teams across the company to provide tooling and automation to scale detection and response across all environments. As a member of our Cyber Security team, you will also aid and assist in a wide variety of efforts including secure code reviews, threat modeling, vulnerability review, DDoS mitigation, penetration testing, and other security responsibilities. You will partner with your fellow security engineers and developers to keep our business lines growing and secure!

:

What you need to know about the role:
We are seeking an experienced Senior Application Security Engineer to join our Enterprise Cyber Security (ECS) Cloud Application Security Operations team. In this role, you will be responsible for driving application security efforts in PayPal’s business lines (e.g., Braintree, Chargehound, Happy Returns, Honey, Hyperwallet, Venmo, Xoom, Zettle).

Meet our team:

This role will work closely with different teams within cyber security and line of business partners building, implementing, and operating high impact application security and technology changes. This role will have opportunities to keep up with current and emerging threats in the industry and latest bleeding edge tech to identify gaps or areas to improve upon in cyber security.

Your way to impact:

If you are the kind of person who thinks outside of the box, brings an extra edge to the table to accomplish tasks, and desires to gain real-world experience with a world-class team in the ever-changing field of security, then please apply for this position.

Your day to day:

• Perform security code reviews across various programming languages.
• Provide consulting and advisement to engineers on best practices, secure coding techniques, and vulnerability remediation.
• Analyze potential threats and vulnerabilities to our systems, applications, and processes.
• Stay up to date with the latest security trends, technologies, vulnerabilities, and attacks, and incorporate this knowledge into threat models.
• Work closely with engineers, developers, and security teams to identify security issues and appropriate mitigating controls.
• Document and automate incident response and vulnerability management runbooks.
• Implement and manage application security tools such as code scanners, HSMs, and WAFs.
• Support the development of new product features by conducting security design reviews, facilitating penetration tests, and contributing to threat models.
• Respond to incidents as both an incident commander and contributor.

What do you need to bring:

• At least 5 years of experience in a cyber security or software development discipline
• Experience working with developers to communicate deficiencies and implement security measures.
• Experience in identifying and remediating common application security vulnerabilities such as OWASP Top 10 and a deep understanding of web application and mobile app vulnerabilities.
• Strong programming experience in at least one language such as Ruby, Java, Python, JavaScript, Swift. Expect to spend time writing and reviewing code.
• Knowledge of Kubernetes, terraform, and source code management systems such as git.
• Hands on experience with at least one of the main cloud vendors (Amazon Web Services, Azure, Google Cloud Platform)
• Ability to work independently and as part of a team.
• Experience with any of the following application security tools: SAST, DAST, API security scanners, WAF, software composition analysis
• Ability to mentor and guide junior team members.
• Excellent written and verbal communication skills.

Desirable Skills:

• Big plus for experience in speaking / publishing in relevant security conferences
• Familiarity with regulatory frameworks such ISO 27001, PCI DSS, SOC 1 & 2, etc.
• Experience with Splunk or similar log management and analysis tools, including the ability to collect, analyze, and visualize large datasets.
• Extra bonus points for forensic analysis experience (logs, hosts, images, etc.)
• Experience with applied cryptography including HSMs and key management systems.
• Big plus if you have publicly released tools or modules

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.

PayPal is committed to fair and equitable compensation practices.

Actual Compensation is based on various factors including but not limited to work location, and relevant skills and experience.

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit https://www.paypalbenefits.com.

The U.S. national annual pay range for this role is $84500 to $204600

Our Benefits:

At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset—you. That’s why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you.

We have great benefits including a flexible work environment, employee shares options, health and life insurance and more. To learn more about our benefits please visit https://www.paypalbenefits.com

Who We Are:

To learn more about our culture and community visit https://about.pypl.com/who-we-are/default.aspx

PayPal has remained at the forefront of the digital payment revolution for more than 20 years. By leveraging technology to make financial services and commerce more convenient, affordable, and secure, the PayPal platform is empowering more than 400 million consumers and merchants in more than 200 markets to join and thrive in the global economy. For more information, visit paypal.com.

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at [email protected].

As part of PayPal’s commitment to employees’ health and safety, we have established in-office Covid-19 protocols and requirements, based on expert guidance. Depending on location, this might include a Covid-19 vaccination requirement for any employee whose role requires them to work onsite. Employees may request reasonable accommodation based on a medical condition or religious belief that prevents them from being vaccinated.