Please note that this site has updated features that do not run on older versions of Internet Explorer. For an optimal experience, please use another browser or the most recent version of IE.

Senior Product Security Engineer in Austin at PayPal

Date Posted: 11/20/2020

Job Snapshot

Job Description

Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal’s 305 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies.

We are seeking an intelligent and motivated security engineer to join PayPal’s Information Security team and help lead application security. Our ideal candidate is excited about the opportunity to innovate on the cutting edge of security across frontend, backend and mobile codebases, through deep technical security knowledge and a solid work ethic. In this role, you will work in the M&A Integration team and work on the front lines driving application security. A typical day might include identifying a potential application security gaps, meeting with the application developers to evaluate security implications of new application functionality, reviewing code ahead of deploys, implementing SDLC controls, and designing new authentication and authorization mechanisms. You’ll be supporting our growing suite of advanced tools, improving automation, and developing application security models.

Senior Product Security Engineer

About Us

PayPal was founded on the principles of breaking down the intimidating barriers around financial transactions to make them intuitive, friendly, and even fun. And it worked: people love sending money with PayPal, and we’re growing by leaps and bounds!

But we’re only just getting started. We want to take that magic of sending money with PayPal and cascade it into every place where people use money. That means connecting people to their money in the most intuitive and fun way possible, then connecting people with each other. Users already love PayPal, but we know there are lots of things we haven’t thought of to make the experience of using PayPal even more delightful and valuable. All that’s going to take a lot of figuring out. Let’s figure it out together!

Information Security at PayPal

We are seeking an intelligent and motivated security engineer to join PayPal’s Information Security team and help lead application security. Our ideal candidate is excited about the opportunity to innovate on the cutting edge of security across frontend, backend and mobile codebases, through deep technical security knowledge and a solid work ethic. In this role, you will work in the M&A Integration team and work on the front lines driving application security. A typical day might include identifying a potential application security gaps, meeting with the application developers to evaluate security implications of new application functionality, reviewing code ahead of deploys, implementing SDLC controls, and designing new authentication and authorization mechanisms. You’ll be supporting our growing suite of advanced tools, improving automation, and developing application security models.

Responsibilities

  • Support code reviews across a mixed language codebase
  • Manage security integration into the SDLC at PayPal
  • Manage application bug process
  • Partner with developer team and architects to design, implement and improve application security solutions
  • Share experience with authentication and authorization models, modern mobile security methodologies, applied cryptography, and secure-by-design development practices
  • Advocate security awareness and teach secure behavior and methods
  • Lead technical security incident response activities and forensic investigations
  • Implement best-practice security procedures, standards, and guidelines in the application space
  • Perform threat-modeling and triage, review, and work with engineers across the organization to resolve bug bounty submissions and penetration testing results
  • Assist in compliance activities such as external audits from customers, regulatory compliance projects, and overall information security reviews
  • Support integration with PayPal Information Security and be central point of contact. 

Requirements

  • Bachelor’s degree in Computer Science/Engineering/Information Security or equivalent work experience
  • Minimum 5 years of on the job application security experience
  • Strong experience with Python, Swift, Android and Java  secure development
  • Deep, demonstrable expertise in: 
    • Identifying and resolving OWASP Top 10 vulnerabilities
    • Threat modeling in an Agile environment
    • Cryptography implementations
    • Authentication and authorization schemes
  • Technical monitoring, troubleshooting, impact determination, and problem solving
  • Ability to perform technical risk assessments, evaluate Static Application Security Testing (SAST) tool results, triage security testing results and manage security response actions.
  • Self-starter, able to work with a mix of technical and non-technical clients
  • Strong documentation skills are a must.

Preferred

  • Experience with financial industry security governance, including PCI DSS, SOC2 and state regulations
  • Experience using Burp Suite, Zap, Arachni, or other Dynamic Application Security Testing (DAST) tools for both manual and automated testing
  • Experience in software development using Python, Java or other languages.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.


We're a purpose-driven company whose beliefs are the foundation for how we conduct business every day. We hold ourselves to our One Team Behaviors which demand that we hold the highest ethical standards, to empower an open and diverse workplace, and strive to treat everyone who is touched by our business with dignity and respect. Our employees challenge the status quo, ask questions, and find solutions. We want to break down barriers to financial empowerment. Join us as we change the way the world defines financial freedom.

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com.

R0059843