Information Security Engineer

Company: PayPal
Location: Austin
Posted on: May 27, 2023

Job Description:

At PayPal (NASDAQ: PYPL), we believe that every person has the right to participate fully in the global economy. Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives.Job Description Summary:What you need to know about the role:We are seeking motivated Security Engineers to join PayPal, Threat Management Engineering team in the Enterprise Cyber Security Org. In this role, you will report directly to the Security Engineering manager and work with various engineering teams, all things related to Cyber Security.Threat Management Engineering team works to create and maintain the safest operating environment for PayPal users and developers. As a Security Engineer, you help protect network boundaries, support the secure configuration and use of On-prem Datacenter, GCP/AWS infrastructure, and services, keep computer systems and network devices hardened against attacks and provide security services to protect sensitive data. Security Engineers work hands-on with network and computer services and actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities and security exposures.Job Description:Meet our team:Security Engineers in Threat Management Engineering team work on a broad set of efforts focusing on scaling and automating security infrastructure and processes. We solve user and corporate security concerns, help investigate security incidents, perform security gap analysis, build, and integrate systems, conduct applied research, and implement novel technologies and engineer solutions to deal with enterprise security across a diversity of computing platforms such as on-prem, cloud and mobile.Your way to impact:Candidate will develop, support, tune and deploy Web Application Firewall security solutions across PayPal. Primary day-today job duties involve -

• Web Application Security: Engineering, deployment, and operations of Web Application Firewall security solutions and integration of those platforms with other security solutions as required.
• Performing hands-on Web Application Firewall deployment, configuration, policy fine-tuning and maintenance
• DDoS: Performing hands-on Web DDoS policies deployment, configuration, policy fine-tuning and maintenance
• Take part in monthly/yearly DDoS tests. Coordinate with BUs, stakeholders for DDoS tests, prepare DDoS test scenarios
• Investigate and Analyse data using SIEM tool - SplunkYour day to day:
  • Engineers, configures, deploys, and maintains Web Application Firewall solutions
  • Develops advanced alerts/reports to meet the requirements of key stakeholders
  • Develops automation for security tools management and workflow integration
  • Collaborates with key stakeholders within Information Security and Engineering teams to develop specific use cases to address specific business needs
  • Creates WAF rules/signatures to mitigate threats and implements best practices
  • Creation and implementation of custom alerting dashboards in SIEM for investigations - SPLUNK
  • Works extensively with different stakeholders across PayPal for tuning WAF policies or creating custom signatures
  • Aids in gathering metrics for measuring Performance and Risk
  • Provides ongoing support to existing monitoring capabilities and data collection systems.
  • Provides development support for the expansion and implementation of new systems.
  • Network traffic analysis and various log data to determine the threat against the target infrastructure, recommend appropriate countermeasures, and assess damage
  • Be the single point of contact and the focal point for accepting, collecting, sorting, ordering, and passing on incoming information for the reported security incident events
  • Basic understanding of tools and processes used in security incident detection and handling
  • Experience with troubleshooting and configuring networking devices, application platforms, and database, Windows and UNIX system administration ---
  • Must have solid understanding of TCP/IP networking, web infrastructure applications, and scripting (Perl, Python, etc.)
  • Recommend configuration changes to improve the performance, usability, and value of threat analysis tools
  • Must be able to multi-task, work in a fast-paced environment and participate in incident remediation as needed
  • Responsible for personal development through enhancement of technical skills and active participation in the team function performance process
  • Continue to grow a personal support network by developing and building relationships throughout internal organizations
  • Develop effective leadership and teamwork skillsWhat do you need to bring:Over 5 years of experience in Cybersecurity engineering with experience that includes configuring and managing Web Application Firewalls.Web Application Firewall/Security Experience:
    • Excellent understanding of DDoS techniques and mitigation mechanisms
    • Solid understanding of web applications, web servers, application firewalls, frameworks and protocols with respect to web application development, deployment, and operation
    • Extensive knowledge of web technologies and concepts
    • Strong understanding of TCP/IP, web protocols and networking concepts
    • Expertise in one or more areas such as operating systems, web services, programming languages, network devices, application vulnerabilities and attack vectors
    • Experience in reviewing and analysing log files and data correlation
    • Experience with managing Web/Application Servers
    • Scripting/programming using Python
    • Excellent understanding of PKI Technology
    • Excellent knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
    • Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
    • Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
    • Experience with Web Application Firewall management and rules
    • Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)Cyber Defense and Incident Response:
      • Solid understanding of Incident Response Process
      • Prior experience in Security Operations and Incident Response
      • Excellent understanding of Cyber Security Operations, Incident Response processesNice-to-have:
        • Bachelor's degree in computer science or a related technical field
        • Relevant Certifications in GCP/AWS/Azure, Terraform, Puppet, DevOps
        • CISSP, SANS GPEN, GXPN, SANS GIAC AWS Security
        • OSCP (Offensive SecurityCertifiedProfessional) is a PlusWe know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please do not hesitate to apply.Additional Job Description:Subsidiary:PayPalTravel Percent:0-PayPal is committed to fair and equitable compensation practices.Actual Compensation is based on various factors including but not limited to work location, and relevant skills and experience.The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .The U.S. national annual pay range for this role is$84500 to $204600Our Benefits:At PayPal, we're committed to building an equitable and inclusive global economy. And we can't do this without our most important asset-you. That's why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you.We have great benefits including a flexible work environment, employee shares options, health and life insurance and more. To learn more about our benefits please visit Who We Are:to learn more about our culture and community.PayPal has remained at the forefront of the digital payment revolution for more than 20 years. By leveraging technology to make financial services and commerce more convenient, affordable, and secure, the PayPal platform is empowering more than 400 million consumers and merchants in more than 200 markets to join and thrive in the global economy. For more information, visit paypal.com.PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at .As part of PayPal's commitment to employees' health and safety, we have established in-office Covid-19 protocols and requirements, based on expert guidance. Depending on location, this might include a Covid-19 vaccination requirement for any employee whose role requires them to work onsite. Employees may request reasonable accommodation based on a medical condition or religious belief that prevents them from being vaccinated.

Keywords: PayPal, Austin , Information Security Engineer, Engineering , Austin, Texas