$100K — $150K *
Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal’s 375 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies.
PayPal is committed to democratizing financial services for the global citizens. We are looking for a high-energy, passionate, and self-driven Cybersecurity Risk Engineer, to build and deliver capabilities and services to continuous assess our threat models and analyze impacts of the rapidly evolving global landscape. The Cybersecurity Risk Engineer will maintain the library of technical and operational risk models and will have responsibilities to partner and collaborate across multi-functional teams to gain deep insight into our dynamic environments and evolving security capabilities. Participate in strategic initiatives and influence business priorities through awareness and advocacy of trending cybersecurity threats and events. If you are passionate about applied technical cybersecurity, and assessing & analyzing for threats to determine operational and technical risks, then come and join our ECS team by applying for this role.
Be a technical thought leader as part of PayPal's Enterprise Cyber Security team. Bring security expertise and a cloud-first mindset to a challenging and dynamic environment.
Research and Analyze Threats & Impacts
Develop technical hands-on knowledge and experience of PayPal’s global infrastructure and capabilities, and gain deep understanding of the company’s capabilities.
Partner with cross-functional team leads to gain awareness of evolving business and technical threat landscape, including strategic business roadmaps and external industry events & campaigns.
Develop and maintain technical and operational risk framework to analyze for threats and impacts based on classes of threat actors and capabilities, our defensive capabilities, and our operational business models.
Perform and apply quantitative analysis against various threat scenarios to develop and prioritized unanticipated impacts against PayPal.
Technical Writing, Communicate and Influence
Own and maintain the library of threat models with detailed business impact analysis.
Publish prioritized technical & operational risk models that will be consumed by the stakeholders from variety of business and technical acumens.
Maintain in-depth and detailed attack surface analysis and effectiveness of defensive capabilities.
Leverage data to influence the business – demonstrate and highlight high risks areas and decisions.
Impact on the Business
Influence business priorities and organizational decisions through operational cadences to provide awareness and education of impending and changing threats and impacts.
Collaborate across multilayer stakeholders from engineers to business leaders.
Responsible for defining metrics to measure success and performance.
Minimum of 5 years’ experience in technical security role at a large, global company in dynamic and fast-changing markets.
Demonstrated experience and confidence on hands-on assessment of multi-discipline of technology, including security infrastructure and products, hybrid cloud infrastructure, DevOps tools, web and mobile technologies.
Deep subject matter expertise in threat modeling concepts, approaches and methods. Knowledgeable in common threat assessment frameworks, such as STRIDE, PASTA, DREAD, etc., and understand nuance on effective application of the methods.
Experience in quantitative risk frameworks and perform business impact analysis, such as FAIR, OCTAVE, COBIT, etc.
Experience with large software engineering and security engineering organizations.
Excellent communication and technical writing skills.
Demonstrated ability to assess complex business problems, perform technical assessments, and perform operational business assessments.
Ability to lead discussions and align cross-functional teams to security concepts and risks.
Develop the business, information, and technical artifacts that articulates and describes technical threats, business impacts and operational risks.
Valid through: 4/20/2021