Staff Cybersecurity Engineer

The Company

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade.

Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.

Job Summary:

As a Staff Engineer in the Product Security team, will design, develop, deliver and maintain innovative core products and services that enable PayPal to serve its customers with revolutionary security. This senior role will give the opportunity to develop skills, collaborate across teams, mentor peers and continue learning in a rapidly changing environment.

Job Description:

Essential Responsibilities:

• Leverage specialized security expertise to identify and resolve complex security issues, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning security strategies with business priorities
• Partner across teams and key stakeholders to drive security initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
• Apply advanced analytical skills and sound judgment to solve security challenges, considering diverse perspectives and innovative solutions. Stay current with industry trends and emerging technologies, understanding their security implications to the company’s context.
• Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in security practices.
• Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into security processes.

Minimum Qualifications:

• Minimum of 8 years of relevant work experience and a Bachelor's degree or equivalent experience.

Preferred Qualification:

Your way to impact

• You will be responsible for engineering security solutions into developer CI/CD workflows to identify vulnerabilities in PayPal’s code ensuring that they can be remediated before causing damage
• You will ensure that vulnerabilities are identified natively and efficiently within existing developer workflows, enabling faster, simpler remediation work
• You will apply your engineering skills to ensure that security solutions are of high quality, robustly tested, and performant
• This role is best served with prior experience in cyber security engineering with capability to dive deep into various technologies, have a thirst for being on the cutting edge, and have a passion for security

Your day to day

• Define and improve application security in the SDLC, ensuring security is prioritized from inception to deployment.
• Develop and measure KPIs to report on the program’s progress toward key objectives and goals
• Implement and Test Next Gen AppSec products as part of SDLC.
• Gain expertise and deep understanding of PayPal’s development cycles, platforms and technology.
• Collaborate with Security Architects, Product Manager, Program Manager and other teams to deliver high quality products.
• Apply your technical expertise to guide the team in making intelligent and pragmatic design decisions.
• Help identify and develop ways to improve our team's efficiency by expanding on our existing tools and processes.
• Mentor junior engineers and interns as they develop their skills.

What do you need to bring

• At least 8 years of experience in application security or software development
• Programming experience in at least one language such as Java, Python, JavaScript, Ruby, Go
• A strong familiarity with application security scanners such as SAST, SCA, DAST
• Expert knowledge of Git, common CI/CD pipelines, and other standard developer tools
• Knowledge of OWASP top 10 and a deep understanding of web application and mobile app vulnerabilities.
• Experience with data structures, software design, RESTful APIs, containers, SQL & NoSQL – an advantage
• Working knowledge of major cloud platforms such asGoogle Cloud, AWS, Azure – an advantage.
• Industry certifications (e.g.,CISSP, CISM, CCSP, or equivalent) – an advantage.
• Familiarity withiOS, Android and browser SDK development – an advantage.