Red Team Engineer in Scottsdale at PayPal

Date Posted: 9/7/2018

Job Snapshot

Job Description

Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal’s 244 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies.

Job Summary

This position works for the PayPal Red Team. We are looking for person who is passionate about security and thrives in a dynamic and high-pressure environment and is an expert in offensive security tactics and techniques. The candidate would be responsible for evaluating PayPal’s computing environments from an attacker prospective and will work closely across security and technology teams. The candidate is expected to be a self-starter and a team player, a strong driver for results and continual improvement.



If you are the kind of person who thinks outside of the box, brings an extra edge to the table to accomplish tasks, and desires to apply their real-world experience with a world-class team in the ever-changing field of security, then please apply for this position.

About

Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money and offers choice and flexibility when sending payments, paying or getting paid.


We build BIG and NEW products to drive worldwide commerce.  Be it the next mobile payments solution, or a high availability money movement platform, we solve problems on a scale you can't find elsewhere.  PayPal continues to push the boundaries of technology by investing in individuals who passionately believe in the potential of innovative technologies that make up global marketplaces.


Job Description

  • Utilize a variety of techniques to perform adversarial testing including active campaigns, simulations, and table top exercises.
  • Conduct full scope red team / purple team engagements using off-the-shelf or self-developed exploitation tools, techniques, and document findings for internal customer remediation.
  • Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTP to assess vulnerability and risk related to technology, process, and people.
  • Perform proactive research to identify and understand new threats, vulnerabilities, and exploits.
  • Produce and deliver reports to clients in the form of briefings and reports.
  • Work with defenders to strengthen preventative and detective controls.
  • Mentor and train fellow team members in new technologies and techniques.
  • Document and present on new testing methodologies to internal and external teams.
  • Develop and document new post-exploitation tools and techniques for use by internal and external customers.
  • Excel as both a self-directed individual contributor and as a member of a larger team.

Qualifications

  • 8+ years of experience in a technology or security related field.
  • 4+ years of experience with executing web application, network, and system red team, purple team, or penetration tests.
  • Strong written and verbal communication skills, including the ability to articulate technical concepts, impacts, risks, mitigations, and remediation guidance.
  • Experience leveraging open-source and commercial penetration testing tools and techniques, including Metasploit, Cobalt Strike, Core Impact, Kali, BurpSuite, etc.
  • Advanced scripting experience (Python, Bash, Perl, PowerShell, Command Shell, etc).
  • Ability to mentor junior and mid-level staff by teaching the latest threat actor tactics, techniques and procedures.
  • Ability to leave ego at the door and act with one team behaviors.
  • Relevant certifications (OSCP, OSCE, OSWE, GXPN, GWAPT, etc.) desired but not required.

We're a purpose-driven company whose beliefs are the foundation for how we conduct business every day. We hold ourselves to our One Team Behaviors which demand that we hold the highest ethical standards, to empower an open and diverse workplace, and strive to treat everyone who is touched by our business with dignity and respect. Our employees challenge the status quo, ask questions, and find solutions. We want to break down barriers to financial empowerment. Join us as we change the way the world defines financial freedom.

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities.

R0036823