Mts Information Security jobs at Paypal in France, Toulouse

Essential Responsibilities:

• Independently apply security best practices to enhance and optimize systems, ensuring robust protection and efficiency, while beginning to understand and align security solutions with business objectives.
• Partner with peers and internal teams to drive security initiatives, contribute to cross-functional projects, and at times co-lead efforts to strengthen security posture.
• Analyze and resolve security challenges by adapting standard processes and exploring alternative approaches to address complex threats.
• Influence the quality, efficiency, and effectiveness of the team through informed decision-making, with a potential impact on other teams.
• Collaborate with other engineers to gather and incorporate feedback, driving continuous improvements in security processes.

Expected Qualifications:

• 3+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

• Leverage specialized security expertise to identify and resolve complex security issues, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning security strategies with business priorities
• Partner across teams and key stakeholders to drive security initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
• Apply advanced analytical skills and sound judgment to solve security challenges, considering diverse perspectives and innovative solutions. Stay current with industry trends and emerging technologies, understanding their security implications to the company’s context.
• Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in security practices.
• Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into security processes.

• You will be responsible for engineering security solutions into developer CI/CD workflows to identify vulnerabilities in PayPal’s code ensuring that they can be remediated before causing damage
• You will ensure that vulnerabilities are identified natively and efficiently within existing developer workflows, enabling faster, simpler remediation work
• You will apply your engineering skills to ensure that security solutions are of high quality, robustly tested, and performant
• This role is best served with prior experience in cyber security engineering with capability to dive deep into various technologies, have a thirst for being on the cutting edge, and have a passion for security

• Define and improve application security in the SDLC, ensuring security is prioritized from inception to deployment.
• Develop and measure KPIs to report on the program’s progress toward key objectives and goals
• Implement and Test Next Gen AppSec products as part of SDLC.
• Gain expertise and deep understanding of PayPal’s development cycles, platforms and technology.
• Collaborate with Security Architects, Product Manager, Program Manager and other teams to deliver high quality products.
• Apply your technical expertise to guide the team in making intelligent and pragmatic design decisions.
• Help identify and develop ways to improve our team's efficiency by expanding on our existing tools and processes.
• Mentor junior engineers and interns as they develop their skills.

• At least 3 years of experience in application security or software development and a Bachelor's degree OR any equivalent combination of education and experience
• Programming experience in at least one language such as Java, Python, JavaScript, Ruby, Go
• A strong familiarity with application security scanners such as SAST, SCA, DAST
• Expert knowledge of Git, common CI/CD pipelines, and other standard developer tools
• Knowledge of OWASP top 10 and a deep understanding of web application and mobile app vulnerabilities.
• Experience with data structures, software design, RESTful APIs, containers, SQL & NoSQL – an advantage
• Working knowledge of major cloud platforms such as Google Cloud, AWS, Azure – an advantage.
• Industry certifications (e.g.,CISSP, CISM, CCSP, or equivalent) – an advantage.
• Familiarity with iOS, Android and browser SDK development – an advantage.

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $123,500 to $212,850

Our Benefits:

Any general requests for consideration of your skills, please

As a Staff Product Security Engineer at PayPal, you’ll drive secure design practices that safeguard 434M accounts and $1.6T in annual payment volume. You’ll lead the Security Design Reviews Program and Security Champions Program, partner with engineering and product leaders to scale consistent security processes, and serve as the escalation point for complex design assessments. Through technical leadership and mentorship, you’ll influence product architecture decisions across PayPal’s global ecosystem.

Essential Responsibilities:

• Recognized as a security expert, independently resolving the most complex security challenges and providing strategic direction on problem resolution across the security domain.
• Define methods and procedures for new or special assignments, collaborating with cross-functional teams to drive security initiatives that align with business needs and objectives.
• Lead complex, high-impact security projects of diverse scope, applying an in-depth understanding of business trends and security challenges to develop innovative solutions.
• Possess a keen awareness of the broader impact of decisions, with initiatives often leading to enterprise-wide improvements that enhance security practices and operational efficiency.

Expected Qualifications:

• 8+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Responsibilities

• Lead and evolve PayPal’s Security Design Reviews and Security Champions programs, defining processes, tooling, and automation to enable scalable, high-quality reviews across all business units.
• Serve as the primary escalation point for complex product design and architecture reviews, guiding resolution of nuanced or high-risk issues.
• Define product architecture security strategy and drive the integration of security design practices into global engineering workflows.
• Determine methods and procedures for evaluating, prioritizing, and remediating security risks at scale.

• Deliver targeted training and coaching that empowers teams to build securely at scale.

• Partner with senior engineering and product leadership to influence technology direction, ensuring security is embedded in platform and product architecture decisions.
• Drive cross-functional, global initiatives that improve security posture and engineering efficiency, focusing on systemic risk reduction and process modernization.
• Lead the secure design and integration of AI and large language models (LLMs) in PayPal products and internal tooling.
• Develop and scale self-service security tooling, automation, and metrics for consistent program performance and visibility.
• Mentor and develop engineers across Product Security and the wider organization, fostering a culture of secure-by-design thinking.
• Stay ahead of emerging security technologies and threats, adapting program strategy to evolving risks and business priorities.

Qualifications

• 8+ years of experience in software development, application security, or cybersecurity, with proven ability to influence architecture and design decisions.
• Expertise in application security vulnerabilities (e.g., OWASP Top 10) and secure design practices.
• Proven experience driving global or enterprise-wide security initiatives or programs.
• Track record of partnering with developers to remediate vulnerabilities and implement robust security controls.

Preferred Qualifications

• Experience architecting and operating security review programs or equivalent governance initiatives.
• Hands-on familiarity with application security tools (SAST, DAST, SCA, WAF, Burp Suite).
• Strong programming experience in at least one language such as Ruby, Java, Python, JavaScript, or Swift.
• Knowledge of Kubernetes, Terraform, and version control systems such as Git.
• Hands-on experience with at least one major cloud vendor (AWS, Azure, GCP).
• Strong understanding of authentication and authorization protocols (OAuth 2.0, SAML).
• Experience with AI or ML security, including model security and data protection considerations.

• Strong written and verbal communication skills, with the ability to influence both technical and executive audiences.
• Experience mentoring and developing engineers.

Responsibilities can be tailored based on business need, experience, and interest. In your day-to-day role, here are some activities you may be involved in:

• Setting strategic direction for the Security Design Reviews Program and ensuring consistent adoption across global product lines.
• Partnering with business unit leaders to scale the Security Champions Program, aligning outcomes with engineering productivity and security maturity goals.
• Reviewing and advising on high-impact architecture and product designs, providing deep technical expertise in secure systems engineering.
• Identifying systemic security gaps and driving multi-quarter initiatives to address root causes across teams and platforms.
• Overseeing development of automation and tooling that improves efficiency and quality of security assessments.
• Collaborating with senior leadership to define long-term product security strategy and metrics for success.
• Mentoring and coaching engineers to expand their technical and leadership capabilities.
• Representing Product Security in company-wide technical discussions, architectural councils, and global security initiatives.
• Leading post-incident architectural reviews and influencing design patterns that prevent recurrence.
• Anticipating emerging risks and evolving program focus to proactively address new threat vectors.

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $152,500 to $262,350

Any general requests for consideration of your skills, please

This job handles assignments requiring foundational knowledge of security technologies, works closely with peers to strengthen security practices, applies judgment within established processes, and recommends efficiency improvements.

Essential Responsibilities:

• Independently handle assignments that require foundational knowledge of security technologies and processes while developing business expertise
• Work closely with peers and experienced team members to strengthen security practices. Take direction, contribute to team processes, and continuously learn while establishing relationships within the security domain.
• Apply sound judgment within established security processes and procedures to assess and address security-related tasks.
• Identify and recommend efficiency improvements within the team and related peer teams to enhance security operations. Contributes to process development.

Expected Qualifications:

• 1+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $100,500 to $173,250

Our Benefits:

Any general requests for consideration of your skills, please

Sr. Analyst, Cybersecurity Operations focused on cloud security. As a key player in our Cloud Assurance team, you will help provide comprehensive visibility into cloud infrastructures, monitor for misconfigurations, and proactively detect threats.

Essential Responsibilities:

• Independently apply security best practices to enhance and optimize cyber threat management, ensuring robust protection and efficiency, while beginning to understand and align security measures with business objectives.
• Partner with peers and internal teams to drive security initiatives, contribute to cross-functional projects, and at times co-lead efforts to strengthen security posture and cyber threat management.
• Analyze and resolve security challenges by adapting standard cyber threat management processes and exploring alternative approaches to address complex threats.
• Influence the quality, efficiency, and effectiveness of the team through informed decision-making, with a potential impact on other teams.
• Collaborate with key partners to gather and incorporate feedback, driving continuous improvements in cyber threat management.

Minimum Qualifications:

• Minimum of 5 years of relevant work experience and a Bachelor's degree or equivalent experience.

Your day to day:

This role will be focused primarily on the security in AWS and GCP cloud environments at PayPal. This will include the security aspects of infrastructure, build pipelines, application design, cloud native service and tool design patterns, stakeholder communications, consulting and advisement of peer security teams, and solution review and approval. Daily tasks will include but not limited to:

• Onboarding Cloud accounts (such as Azure, AWS & GCP) – this includes access grant, enabling policies, configuring baselines, configuring agents (if applicable), verifying health status
• Administer CSPM solution – this includes managing user roles, audit logs, manage API access
• Discover cloud assets – this includes gaining visibility and manage cloud assets
• Manage Security policies and Benchmarks – this includes configuring CSPs specific security policies, industry specific compliance policies (such as PCI), benchmarks standards (such as CIS, NIST, etc.)
• Respond to alerts – this includes monitor, investigate and triage incidents based on actionable alerts
• Manage OS hardening – this includes administer operating system baseline and hardening
• Integration with 3rd party systems – this includes manage changes, requests on integration with other systems (such as ITSM and CI/CD Tools)
• Remediation guidance – this includes providing recommendations to the stakeholders to fix the potential threats, applying configurations on the systems to maintain IT security regulatory compliance and standards
• Manage reports – this includes providing reports to the business and IT stakeholders

What do you need to bring:

• 5+ years’ experience in Cloud Security, CSPM
• Collaborate with the team to design and deliver scalable back-end services that enhance our leading CSPM platform
• Develop user-friendly command-line utilities that interact with our web services
• Excellent communication and documentation skills
• Provide integration support and documentation for various teams, including UX/UI and Sensors
• Configure and monitor uptime alerts related to the services you manage
• Continuously improve architecture, models, user experience, performance, and stability through rapid prototyping and agile decision-making
• Innovate and refine methods to utilize data for automating global-scale cyber threat intelligence
• Contribute to building a platform that secures the entire lifecycle of cloud workloads for our customers
• Proficiency in at least one object-oriented programming language with strong typing
• Experience in developing and using RESTful API web services
• Familiarity with cloud provider APIs and CLI tools for AWS, Azure, and GCP
• Experience withinfrastructure-as-codetools like CloudFormation, Terraform, and Azure Templates
• Hands-on experience with Docker containers in Kubernetes environments
• Experience with message queues including defining messages, estimating sizes and rates, and monitoring lag
• Experience with RDBMS databases and SQL, such as Postgres

Preferred certifications:

• Cloud Security related certifications (AWS, GCP)
• Bachelors / Master’s Degree in Computer Science / Cybersecurity or related field

Bonus Points:

• Industry experience or certifications related to CNAPP, CSPM, or Cloud Security
• Experience with application observability tools such as Splunk and PagerDuty
• Experience managing production environments with Postgres, Kubernetes etc.
• Familiarity with graph structures, data, and graph databases
• Compliance knowledge/experience
• Automation

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $111,500 to $191,950

Our Benefits:

Any general requests for consideration of your skills, please

Essential Responsibilities:

• Independently apply security best practices to enhance and optimize systems, ensuring robust protection and efficiency, while beginning to understand and align security solutions with business objectives.
• Partner with peers and internal teams to drive security initiatives, contribute to cross-functional projects, and at times co-lead efforts to strengthen security posture.
• Analyze and resolve security challenges by adapting standard processes and exploring alternative approaches to address complex threats.
• Influence the quality, efficiency, and effectiveness of the team through informed decision-making, with a potential impact on other teams.
• Collaborate with other engineers to gather and incorporate feedback, driving continuous improvements in security processes.

Minimum Qualifications:

• Minimum of 5 years of relevant work experience and a Bachelor's degree or equivalent experience.

Your way to

You are curious about trends in the vulnerability data and propose steps to in the largest risk reduction. You takeresources and develop cross functional action plans

Your day to day:

Responsibilities will be tailored based on business need, experience, and interest. In your day-to-day role, you will:

• You help drive the operational workflow around application security vulnerabilities

• determinethe impact of vulnerabilities in our environment and communicate them to stakeholders across the company

• You will report to the Senior Manager, Threat Exposure Management and provide updates on critical vulnerabilities and overall posture

• You love to play detective and find patterns in thedata pointing to root causes that unlock mitigation opportunities

• identify,driveand implement process improvements to reduce the time to detect and mitigate vulnerabilities and increase overall efficiency

• You will work with our internal and external service providers/vendors to resolve blockers andmaintainhigh quality service

• will bework with TEM/Product Security leadership tomaintaintheforward lookingroadmap for the team, including defining and monitoring performance against Objectives and Key Results (OKRs), planning for new capabilities, evaluating vendors, and individual career development plans

• You have and encourage a passion for cybersecurity and learning through asking questions and experimenting with different approaches

• Provide consulting and advisement to software engineers on best practices, secure coding techniques, and vulnerability remediation

• Document and automate vulnerability management runbooks

• Stay up to date with the latest security trends, technologies, vulnerabilities, and attacks, and incorporate this knowledge intoyourday to day

What you need to bring:

• At least 5 years of experience in an application security or software development discipline; 2+ years doing this at large enterprise scale

• Strong programming experience in at least one language such as Ruby, Java, Python, JavaScript, Swift.

• Experience with interpreting the results of vulnerability scanning tools: SAST, API security scanners, software composition analysis

• Experience working with developers to communicate deficiencies and implement security measures.

• Experience inidentifyingand remediating common application security vulnerabilities such as OWASP Top 10 and a deep understanding of web application and mobile app vulnerabilities.

• Excellent written and verbal communication skills.

• Ability to work independently and as part of a team.

• Experience with implementing and configuring vulnerability managementplatforms/applicationsecurity posture management platforms (for example,Seemplicity, Kenna,Brinqa, Vulcan,ArmorCode)

• Excellent written and verbal communication skills.

• Familiarity with relevant financial services regulations and security standards, such as PCI-DSS and ISO27001

• operatein fast-paced environment, in a self-driven manner, taking initiative and ownership to propose improvements and solutions

• Demonstrate attention to detail, excellent analytical thinking,communicationand time management skills

• in working with large data sets todeterminepatterns and drive to key takeaways

• Ability to mentor and guide junior team members.

• Experience with at least one of the main cloud vendors is a plus (Amazon Web Services, Azure, Google Cloud Platform)

• Industry certifications (e.g., CISSP, CISM, CCSP,CSSLPor equivalent)are a plus

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $123,500 to $212,850

Our Benefits:

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us

Any general requests for consideration of your skills, please

Your day to day

• Develop and implement a robust enterprise-wide oversight program for core infrastructure domains.

• Subject matter expert for both risk and maturity assessments.

• Provide collaborative credible challenge for oversight activities.

• Identify missing or inadequate controls.

• Ensure compliance oversight for internal policies, legal, and regulatory requirements.

• Identify and ensure mitigation of risks associated with IT asset, Configuration, and Change Management along with Resiliency.

• Establish trusted working relationships with key partners across engineering, architecture, security, compliance, and legal teams.

What do you need to bring:

• Advanced knowledge of IT asset, Configuration, Change management and Resiliency principles and best practices.

• Experience with enterprise architecture and manging large scale cloud and on premise infrastructure.

• Knowledge of current and emerging information technologies (e.g., AI / ML); cybersecurity threats and vulnerabilities; risk management processes and practices; industry standard control frameworks and best practices (e.g., NIST, ISO); and prominent cybersecurity and privacy regulations globally.

• Strong work ethic with proven ability to learn quickly, prioritize work, and manage complex deliverables to completion under established deadlines.

• Superb consultative, adjudicative, investigative, and influencing skills, including business acumen, stakeholder empathy, and conflict resolution, as well as general comfort working in a dynamic, global, fluid, and matrixed working environment.

• Exceptional verbal and written communication and analysis skills, including experience developing high-quality written analysis, strategy, or standards documents

• Unquestionable professional and ethical integrity, ideally demonstrated through experience with projects of a sensitive, privileged, or confidential nature.

• Ability to approach and understand problems from a statistical or quantitative perspective and draw meaningful, accurate conclusions, as well as scrutinize models and inferences for misleading or overlooked considerations.

• Degree in a relevant discipline, such as cybersecurity, business, engineering, risk management, or computer science

7+ year’s experience in infrastructure management , technology or security engineering, risk management, and / or compliance roles

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $152,500 to $262,350

Any general requests for consideration of your skills, please

What you need to know about the role:

Meet our team:

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The U.S. national annual pay range for this role is

$72700 to $176000

Our Benefits:

Any general requests for consideration of your skills, please