Please note that this site has updated features that do not run on older versions of Internet Explorer. For an optimal experience, please use another browser or the most recent version of IE.

Sr. Devsecops Automation Engineer in Scottsdale at PayPal

Date Posted: 10/20/2020

Job Snapshot

Job Description

Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal’s 325 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies.

As a DevSecOps Security Automation Engineer, your primary responsibility will involve driving the roadmap and delivery of a comprehensive strategy to capture all critical stages, triggers, and activities within our software delivery and deployment pipeline as recommended by the Cloud Security Alliance (CSA) DevSecOps Six Pillars strategy. You will be expected to take into account our native tooling and existing processes while investigating and solving for security automation in all stages of software development and deployment lifecycle. In addition to that, you will also be an active member of the Venmo security team and assist in a wide variety of efforts including secure code reviews, product security reviews, penetration testing, incident response, and other security responsibilities. You will partner with your fellow security engineers and developers to keep Venmo growing while keeping us secure!

Venmo Sr. DevSecOps Security Automation Engineer

Locations:

San Jose, CA, or San Francisco, CA, or Chicago, IL, or Scottsdale, AZ or Austin, TX

Venmo was founded on the principles of breaking down the intimidating barriers around financial transactions to make them intuitive, friendly, and even fun. And it worked: people love sending money with Venmo, and we’re growing by leaps and bounds!

But we’re only just getting started. We want to take that magic of sending money with Venmo and cascade it into every place where people use money. That means connecting people to their money in the most intuitive and fun way possible, then connecting people with each other. Users already love Venmo, but we know there are lots of things we haven’t thought of to make the experience of using Venmo even more delightful and valuable. All that’s going to take a lot of figuring out. Let’s figure it out together!

Information Security at Venmo

Join our highly proficient team of Security Engineers working to make Venmo more secure. Drive the building and adoption of new security tools and technologies while supporting day-to-day security activities from code reviews, vulnerability testing and remediation, incident handling and alerting and monitoring. Come join a team driven to improve the Venmo security posture through innovation, automation, and excellence.

DevSecOps Security Automation Engineer

As a DevSecOps Security Automation Engineer, your primary responsibility will involve driving the roadmap and delivery of a comprehensive strategy to capture all critical stages, triggers, and activities within our software delivery and deployment pipeline as recommended by the Cloud Security Alliance (CSA) DevSecOps Six Pillars strategy. You will be expected to take into account our native tooling and existing processes while investigating and solving for security automation in all stages of software development and deployment lifecycle.  In addition to that, you will also be an active member of the Venmo security team and assist in a wide variety of efforts including secure code reviews, product security reviews, penetration testing, incident response, and other security responsibilities. You will partner with your fellow security engineers and developers to keep Venmo growing while keeping us secure!

What You’ll Do

Support manual and automated code coverage efforts across all our code base

Manage security integration into the SDLC process at Venmo

Manage security integration into the CI/CD pipeline

Manage integration with manual and automated tools for static and dynamic testing

Identify areas for automation and tooling to increase code coverage

Establish metrics and reporting to track coverage and effectiveness of security processes

Leverage the tools and processes used throughout PayPal and Venmo

Engage with product and developers to conduct security reviews and define security requirements

Help evolve Venmo security features and services and manage security technical debt

Manage Venmo product security bug intake and remediation process

Mentor junior members of the team and act as a subject matter expert for application security issues

Collaborate on security initiatives and promote security standards across Paypal and Venmo

Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans

Become a representative for the Venmo Information Security program

What We’re Looking For

Strong experience in web and mobile application security issues

Strong experience in distributed platform development security and design

In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)

Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)

Experience with industry tools and technologies such as SAST, DAST, ISAT, SCA, etc.

Working knowledge of common languages such as Python, GO, Javascript, Java, etc.

Experience in cloud security deployment and implementation issues (AWS, AWS security)

Familiarity with audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc.

Proven expertise in enterprise-grade and web scale security solutions

Excellent communication skills

Ability to explain complex security topics in simple terms

Ability to lead and project manage multiple security initiatives

A good team player who is self-motivated and well organized


We're a purpose-driven company whose beliefs are the foundation for how we conduct business every day. We hold ourselves to our One Team Behaviors which demand that we hold the highest ethical standards, to empower an open and diverse workplace, and strive to treat everyone who is touched by our business with dignity and respect. Our employees challenge the status quo, ask questions, and find solutions. We want to break down barriers to financial empowerment. Join us as we change the way the world defines financial freedom.

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com.

R0059999