Please note that this site has updated features that do not run on older versions of Internet Explorer. For an optimal experience, please use another browser or the most recent version of IE.

Sr. Security Engineer in Shanghai at PayPal

Date Posted: 3/5/2020

Job Snapshot

Job Description

Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal’s 305 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies.

The Product & Technology, China team is looking for a passionate, self-driven Information security manager join the team. Conducting security assessments, architecture reviews, threat modeling of the application stack, including applications built on cloud and emerging technologies Design and develop platform level solutions to promote security related initiatives and improvements. Review source code for potential security issues, recommend and implement fixes. Write security test cases to check for vulnerabilities or broken/missing security controls Providing specific risk assessment and remediation guidelines for developers and business owners Helping manage and triage findings from security tools and static and dynamic scanners Conduct penetration testing against our applications, services, and environments; reporting underlying security issues and proposing appropriate security controls Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks Document and disseminating security guidelines for common security issues, remediation guidance, and security baselines Work with developers to provide security guidance and mentor them as necessary. Actively promote improving the security culture and education within the organization.

Required Skills

  • 5+ years of experience in web and mobile application security, SSDLC, Threat Modeling
  • Deep understanding of web and mobile application security threats, exploits, prevention
  • Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
  • Experience in penetration testing, vulnerability scanning, SAST and DAST. Familiar with tools and technologies used.
  • Passion for understanding and researching vulnerabilities and exploitation techniques
  • Knowledge of development and integration tools and technologies (e.g. CI/CD)
  • Knowledge of test automation frameworks and how they can be brought to bear for security QE
  • Proficiency in networking concepts (firewalls, load balancers, etc)
  • Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc)
  • Keeps up with industry trends in security technology and threats
  • Having a background in web application development and/or code auditing strongly preferred
  • Ability to work in a self directed environment that is highly collaborative and cross functional

Experience Requirements

  • BS in Computer Science or Equivalent

We're a purpose-driven company whose beliefs are the foundation for how we conduct business every day. We hold ourselves to our One Team Behaviors which demand that we hold the highest ethical standards, to empower an open and diverse workplace, and strive to treat everyone who is touched by our business with dignity and respect. Our employees challenge the status quo, ask questions, and find solutions. We want to break down barriers to financial empowerment. Join us as we change the way the world defines financial freedom.

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com.

R0053245